Kaspersky Lab has picked up on a large-scale distribution campaign of the infamous mobile banking Trojan, Asacub.
Researchers at the company estimate Asacub is reaching 40 thousand individuals each day. Although the Trojan is primarily aimed at Russian users, it has also hit users in many other countries, including Germany, Belarus, Poland, Armenia, Kazakhstan and the US.
According to Kaspersky, Asacub was discovered in 2015, and has evolved over the years. Its erlier iterations were closer to spyware than banking malware. They could steal all incoming SMS messages, irrespective of the sender, and upload them to the intruders' server. The functionality of the latest Asacub modifications help attackers gain remote control of infected devices and steal banking data.
Over the last year, Asacub authors have been upping their efforts and conducting large scale campaigns for its dissemination, to the point that it has held the leading position among mobile banking Trojans for the past twelve months.
Researchers say the reason behind its continued sustainability is that the domains of its command server change, and there are disposable phishing links for downloading the Trojan.
How it works
Asacub is distributed through phishing SMS messages, which invite victims to view a photo or MMS message. If the victim's device settings permit installations from unknown sources, Asacub is able to install itself on the target device as the default SMS application.
In this way, when a new SMS message arrives, it can transmit the sender's number and message text to the intruders' command server. Asacub can withdraw funds from a bank card attached to the phone by sending SMS messages for transferring funds to another card or phone number, and it can intercept SMS messages from a bank containing one-time passwords.
Tatyana Shishkova, malware analyst at Kaspersky Lab, says the Asacub Trojan highlights how mobile malware can function for several years with minimal changes to its distribution pattern.
"One of the main reasons for this is that the human factor can be leveraged through social engineering: SMS messages look like they are meant for a certain user, so victims unconsciously click on fraudulent links. In addition, with regular change of domains from which the Trojan is distributed, catching it requires heuristic methods of detection," she adds.
Better than cure
Kaspersky advises users to follow several steps to avoid getting infected with mobile banking malware:
- Only download applications that are from official resources;
- If possible, disable the installation of applications from third-party sources in smartphone settings;
- Never click on links from suspicious or unknown senders;
- Install a reliable security solution to protect mobile devices.
Share