• Total Members: 12780
  • Latest: eduard
  • Total Posts: 28049
  • Total Topics: 8055
  • Online Today: 853
  • Online Ever: 51419
  • (01. January 2010., 09:27:49)

Author Topic: Android Banking Trojans Target Italy and Thailand  (Read 618 times)

0 Members and 1 Guest are viewing this topic.


  • SCF VIP Member
  • *****
  • Posts: 714
  • KARMA: 114
  • Gender: Male
  • Pez
Android Banking Trojans Target Italy and Thailand
« on: 20. March 2013., 10:15:38 »
Android Banking Trojans Target Italy and Thailand

A very profitable line for mobile malware developers is Android banking Trojans, which infect phones and steal passwords and other data when victims log onto their online bank accounts. One recent trend is Android malware that attacks users in specific countries, such as South Korea and India. We have already seen this type of malware posing as mobile applications from banks in Spain and Portugal. Now a new threat distributed via phishing links targets users of banks in Italy and Thailand using the following icons:

When the malware runs, it asks the user to input a password and confirm it. If the passwords do not match, the app will show an error message:

However, unlike Android/FakeToken, this malware does not send the password to the attacker via the Internet or SMS. Instead, it sends an SMS to a specific number in Russia with the text “Ya TuT :D” (“I am here,” in Russian) or “init” the first time that the application is executed. If the passwords match, the application shows the traditional fake security token seen in other families of Android banking Trojans:

After the user closes the application, in the background the malware intercepts all incoming SMS using a receiver and the API call “abortBroadcast.” However, not all the SMS messages are sent to the remote attacker in Russia because they can be filtered used two mechanisms:

• Sending an SMS with the keyword “@DELETE” disables the forwarding of SMS

• Checking if a potential mTAN is still valid. Checking if the difference between the Start Time (when the SMS is processed) and the current time exceeds the Work Time (the time during which the mTAN is valid), in which case that specific SMS is not forwarded to the attacker

In addition to the versions that directly target banks and financial institutions, there is also a variant of this family that tries to impersonate the security application Trusteer Rapport (just as the first Zitmo variant for Android did in July 2011):

Despite the fact that the user interface of this variant is different, the behavior is the same as the one already described. If you have been a target of this malware, contact your respective banks for instructions to secure your account. McAfee Mobile Security detects this threat as Android/FkSite.A and alerts mobile users if it is present on their devices, while protecting them from any data loss. For more information about McAfee Mobile Security, visit

Orginal article: Tuesday, March 19, 2013 at 10:39pm by Carlos Castillo
Their is two easy way to configure a system!
Every thing open and every thing closed.
Every thing else is more or less complex.

Start Turfing !,8405.msg21475.html#msg21475

Samker's Computer Forum -

Android Banking Trojans Target Italy and Thailand
« on: 20. March 2013., 10:15:38 »


With Quick-Reply you can write a post when viewing a topic without loading a new page. You can still use bulletin board code and smileys as you would in a normal post.

Name: Email:
Type the letters shown in the picture
Listen to the letters / Request another image
Type the letters shown in the picture:
Second Anti-Bot trap, type or simply copy-paste below (only the red letters)

Enter your email address to receive daily email with ' - Samker's Computer Forum' newest content:

Terms of Use | Privacy Policy | Advertising