WeChat Users Beware! Trojan Malware That Steals Bank Information
Recently, a Trojan has been circulating that targets users of the popular messaging application WeChat. The malware is said to target users' banking data while disguised as a fake WeChat application.
Kaspersky Lab stated that this new malware appeared as Internet financial services continue to grow rapidly and more online financial services become accessible from mobile devices.
“Recently Kaspersky Lab intercepted a new Trojan-Banker like this. It was detected as Trojan-Banker.AndroidOS.Basti.a. This Android app is disguised as a normal WeChat app on the phone,” lab expert Vigi Zhang said in a blog post.
He went on to further elaborate on how this shows cybercriminal efforts to “steal sensitive information and get a hold of other people’s hard earned cash.”
Zhang pointed out that WeChat is a very well-known mobile instant messenger in China and has features that allow its users to make payments through the application.
“Its huge market share also makes it a tempting target for criminals, who are developing Trojan-bankers to mimic it,” he said.
Zhang stated that the fake application requests some sensitive privileges, such as android.permission.RECEIVE_SMS.
“The author of the Trojan wanted to prevent analysts from reverse engineering the code, so it is encrypted with ‘bangcle secapk’. We couldn’t get any useful information out of this encrypted sample,” he noted.
After successfully decoding some of the sample, he stated, they found that the malware is capable of a variety of malicious behavior.
“When executed it opens a special GUI to let users input their bank related information, including bank card number, PIN code and mobile phone number,” he said.
The information entered this way is then sent to the author behind the Trojan via email.
Zhang further added that the Trojan-Banker registered a BootReceiver that will monitor any newly received text messages and uninstall broadcasts from the infected mobile device.
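For defenders triaging a suspect APK, the permission and receiver behaviour described above can be checked from the app's manifest. The following is an added example, not code from Kaspersky Lab or from the sample: it assumes the manifest has already been decoded to text XML, the package name and manifest contents are constructed, and the mapping of "boot, SMS and uninstall monitoring" to the three standard Android broadcast actions is an assumption.

```python
import xml.etree.ElementTree as ET

NS = "{http://schemas.android.com/apk/res/android}"
RECEIVE_SMS = "android.permission.RECEIVE_SMS"  # permission named in the article
# Assumption: these standard Android broadcasts correspond to the boot, SMS and
# uninstall monitoring the article describes; the article does not list them.
BOOT = "android.intent.action.BOOT_COMPLETED"
SMS = "android.provider.Telephony.SMS_RECEIVED"
REMOVED = "android.intent.action.PACKAGE_REMOVED"
WATCHED = {BOOT, SMS, REMOVED}

# Constructed sample manifest (hypothetical package), not from the real sample.
SAMPLE_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.fakechat">
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <application>
    <receiver android:name=".BootReceiver">
      <intent-filter android:priority="1000">
        <action android:name="android.intent.action.BOOT_COMPLETED"/>
        <action android:name="android.provider.Telephony.SMS_RECEIVED"/>
      </intent-filter>
      <intent-filter>
        <action android:name="android.intent.action.PACKAGE_REMOVED"/>
        <data android:scheme="package"/>
      </intent-filter>
    </receiver>
  </application>
</manifest>
"""

def triage_manifest(xml_text):
    """Summarise the SMS permission and broadcast receivers in a decoded manifest."""
    root = ET.fromstring(xml_text.strip())
    perms = {p.get(NS + "name") for p in root.iter("uses-permission")}
    receivers = {}
    for rec in root.iter("receiver"):
        actions = {a.get(NS + "name") for a in rec.iter("action")}
        hits = sorted(actions & WATCHED)
        if hits:
            receivers[rec.get(NS + "name")] = hits
    seen = {a for hits in receivers.values() for a in hits}
    return {
        "package": root.get("package"),
        "receive_sms": RECEIVE_SMS in perms,
        "receivers": receivers,
        # Flag the combination: RECEIVE_SMS plus receivers for boot and incoming SMS.
        "suspicious": RECEIVE_SMS in perms and {BOOT, SMS} <= seen,
    }

if __name__ == "__main__":
    print(triage_manifest(SAMPLE_MANIFEST))
```

Legitimate messaging apps can match the same combination, so a hit is a prompt to compare the package name and signing certificate against the genuine app, not a verdict.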