Svpeng Android Banking Malware Tweaked With Keylogger Feature

New day, new hack attack. Hackers are becoming more innovative in their tricks and more adept at social engineering.
Their attacks are now hard to predict and detect, and lately they have been adopting stealthy techniques.

Kaspersky Lab’s security researchers said that Svpeng, the most dangerous Android banking Trojan family of all, has now been equipped with a keylogger. This gives cyber criminals easy access to sensitive data.

This malware uses Android’s Accessibility Services to add the keylogger. Accessibility Services is an Android feature that provides users with alternative ways of interacting with their devices.

The Svpeng Trojan has become more powerful because it can now steal entered text from all the apps installed on the Android device, as well as log all keystrokes. As if this were not enough, it grabs more permissions and rights to prevent uninstallation of the malware.

Although this version of Svpeng is not widely deployed, users in 23 countries, including Russia, Poland, Germany, Turkey, and France, have already clicked on it. However, Russian users are not attacked at all. Unuchek highlighted a key fact: when the device is infected, the malware identifies the language of the device and, if it is Russian, does not perform any malicious acts. This hints at the involvement of Russian threat actors in this latest malware spree.

The trojan is being distributed via infected websites, where it is presented as Flash Player. Once the device is infected and the language checked, the malware exploits Accessibility Services to launch dangerous attacks. It then grabs admin rights, displays an overlay on top of legitimate apps, and grants itself dynamic permissions such as making calls or sending and receiving messages. It also blocks all attempts by the victim to remove its admin rights.

It also steals the text entered in apps and takes screenshots whenever the victim presses a key on the keyboard. As Unuchek said:

“Some apps, mainly banking ones, do not allow screenshots to be taken when they are on top. In such cases, the Trojan has another option to steal data – it draws its phishing window over the attacked app.”

The collected information is then uploaded to the hacker's C&C server.

How to protect your smartphone from hackers

There are standard protection measures you need to follow to remain safe:

  • Always stick to trusted sources, like the Google Play Store and the Apple App Store, and even there install apps only from trusted and verified developers.
  • Do not download apps from third party sources, as most often such malware spreads via untrusted third-parties.
  • Never click on links provided in an SMS, MMS or email. Even if the email looks legit, go directly to the website of origin and verify any possible updates.
  • Most importantly, verify app permissions before installing apps. If any app is asking for more than it needs for its purpose, just do not install it.
  • Avoid unknown and unsecured Wi-Fi hotspots and keep your Wi-Fi turned OFF when not in use.
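
The behaviours described above (Accessibility Services abuse, admin rights, overlays, call and SMS permissions) are all declared in an app's manifest, which is what the permission check in the list comes down to. The following Python code is an added example, not part of the original article or of Kaspersky's analysis; the sample manifest, its package name and the triage rule are constructed assumptions.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"

# Constructed sample: a decoded AndroidManifest.xml (e.g. apktool output) for a
# hypothetical fake "Flash Player" package. It is not taken from a real sample.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.flashplayer">
  <uses-permission android:name="android.permission.SYSTEM_ALERT_WINDOW"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.CALL_PHONE"/>
  <application android:label="Flash Player">
    <service android:name=".Svc" android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE"/>
    <receiver android:name=".Adm" android:permission="android.permission.BIND_DEVICE_ADMIN"/>
  </application>
</manifest>"""

# Capability -> manifest evidence, following the behaviours the article lists.
REQUESTED = {
    "overlay": {"android.permission.SYSTEM_ALERT_WINDOW"},
    "sms": {"android.permission.SEND_SMS", "android.permission.RECEIVE_SMS",
            "android.permission.READ_SMS"},
    "calls": {"android.permission.CALL_PHONE"},
}
BOUND = {
    "accessibility": "android.permission.BIND_ACCESSIBILITY_SERVICE",
    "device_admin": "android.permission.BIND_DEVICE_ADMIN",
}

def capabilities(manifest_xml):
    """Return the set of sensitive capabilities a manifest declares."""
    root = ET.fromstring(manifest_xml)
    requested = {e.get(ANDROID + "name") for e in root.iter("uses-permission")}
    # Services/receivers guarded by a system-only bind permission.
    bound = {e.get(ANDROID + "permission") for e in root.iter()
             if e.tag in ("service", "receiver")}
    found = {cap for cap, perms in REQUESTED.items() if perms & requested}
    found |= {cap for cap, perm in BOUND.items() if perm in bound}
    return found

def triage(manifest_xml):
    """Assumed rule: accessibility combined with admin rights or overlay needs review."""
    caps = capabilities(manifest_xml)
    risky = "accessibility" in caps and bool(caps & {"device_admin", "overlay"})
    return ("review" if risky else "ok"), sorted(caps)

if __name__ == "__main__":
    print(triage(SAMPLE_MANIFEST))
```

A "review" result is a prompt for a closer look, not a verdict: legitimate apps such as screen readers also declare an accessibility service.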

