no-image

Jack of all trades

Among this array of threats we found a rather interesting sample – Trojan.AndroidOS.Loapi. This Trojan boasts a complicated modular architecture that means it can conduct a variety of malicious activities: mine cryptocurrencies, annoy users with constant ads, launch DDoS attacks from the affected device and much more. Read Full Article

no-image

Still Stealing

Two years ago we published a blogpost about a popular malware that was being distributed from the Google Play Store. In October and November 2017 we found 85 new malicious apps on Google Play that are stealing credentials for VK.com Read Full Article

no-image

Booking a Taxi for Faketoken

The Trojan-Banker.AndroidOS.Faketoken malware has been known about for already more than a year. Throughout the time of its existence, it has worked its way up from a primitive Trojan intercepting mTAN codes to an encrypter. Not so long ago, thanks to our colleagues from a large Russian bank, we detected a new Trojan sample, Faketoken.q, which contained a number of curious features. Read Full Article

no-image

A new era in mobile banking Trojans

In mid-July 2017, we found a new modification of the well-known mobile banking malware family Svpeng – Trojan-Banker.AndroidOS.Svpeng.ae. In this modification, the cybercriminals have added new functionality: it now also works as a keylogger, stealing entered text through the use of accessibility services. Read Full Article

no-image

Ztorg: from rooting to SMS

I’ve been monitoring Google Play Store for new Ztorg Trojans since September 2016, and have so far found several dozen new malicious apps. All of them were rooting malware that used exploits to gain root rights on the infected device. In May 2017, a new Ztorg variant appeared on the Google Play Store – only this this time it wasn’t a rooting malware but a Trojan-SMS. Read Full Article

no-image

Ztorg: money for infecting your smartphone

This research started when we discovered an infected Pokémon GO guide in Google Play. We detected the malware as Trojan.AndroidOS.Ztorg.ad. After some searching, I found some other similar infected apps that were being distributed from the Google Play Store. After I started tracking these infected apps, two things struck me – how rapidly they became popular and the comments in the user review sections. Read Full Article

no-image

Financial cyberthreats in 2016

In 2016 we continued our in-depth research into the financial cyberthreat landscape. We’ve noticed over the last few years that large financial cybercriminal groups have started to concentrate their efforts on targeting large organizations – such as banks, payment processing systems, retailers, hotels and other businesses where POS terminals are widely used. Read Full Article