Group-IB catches wave of Android Trojan viruses imitating bank apps

MOSCOW, Nov 29 (PRIME) -- Russia’s Group-IB, one of the global leaders in preventing and investigating high-tech crimes and online fraud, has registered a new wave of massive expansion of Trojan viruses disguised as Android mobile applications of the country’s leading banks, Group-IB said on Wednesday in a statement.

“It should be noted that the quality of fake applications by design and mechanics of infection is constantly rising, which misleads many users who do not pay attention to critical details, like a domain name or readdressing to a third-party resource,” Alexander Kalinin, head of Group-IB’s response center CERT-GIB, said.

The company’s analysts revealed about 10 high-quality resources that imitated mobile applications of the country’s top 10 banks. The services were quickly blocked by Group-IB, and fraudulent advertisements were deleted by search engines.

The viruses are distributed not via the official application store Google Play, but through advertisements in search systems.

When looking for a bank application in a search engine, users saw first advertisements of such applications. After clicking such a banner, the user was readdressed to third-party resources offering to install an application, which hid the Trojan virus.

According to Group-IB estimations, damages caused to individuals by banking Trojans for Android devices more than doubled in 2016–2017 to U.S. $14 million, while damages for personal computers was 30% less.

End