After Whatsapp, The Chinese WeChat is the second most popular messaging application and currently being targeted by cybercriminals to spread a new Banking Trojan in order to steal the financial information from its users.
WeChat is a famous mobile instant messaging app developed by Chinese company Tencent, with more than 355 million users across the world. The app offers people to chit-chat with their friends and relatives, and also allows users to make payments for goods and services on WeChat.
The Payment feature of the app requires users’ bank account details to their messenger account and this is what tempting cybercriminals to develop new and more sophisticated banking Trojans and malwares.
The security researchers at Kaspersky Lab have uncovered such banking Trojan, dubbed as Banker.AndroidOS.Basti.a, which looks exactly like the legitimate WeChat application for Android devices. While installation, it also requires the same permissions such as to access the Internet, received SMSs, and other services just like the real Wechat app.
Researchers found that some modules of the malware app are encrypted and this feature makes it different and sophisticated from other Mobile banking malwares. The malware authors have used an effective encryption in order to prevent Banker.AndroidOS.Basti.a trojan from reverse engineering of the code.
However, the Kaspersky researchers have successfully managed to decode the threat module and found that the malware is capable to perform various types of malicious tasks, including its more professional GUI, which makes it an efficient phishing tool.
Once the malicious WeChat app installed on the victims’ android devices, they are served a page asking to enter some useful information including their phone numbers, payment card numbers, PINs and other financial data.
As soon as a victim provides the personal details to the fake app, it sends them back to an email account controlled by the malware author. “This Trojan-Banker also registered a BootReceiver. It will monitor newly received text messages and uninstall broadcasts from the infected mobile.” they noticed.
The email account name and password details are hard-coded in the source code of the trojan and researchers have successfully retrieved it. They logged into the attackers email account and found that the banking trojan has already made lots of victims.
As the online apps are becoming more popular among the people, hence becoming an easy and a tempting target for cyber thieves. So, its up to you to better safeguard your data privacy.
Make sure that you have installed a reputed mobile security software in your devices. Always update your software applications to the latest version and avoid providing your sensitive information to any suspicious websites or downloading any app from any untrusted source.
Source : The Hacker News