Mobile threats

Mobile espionage targeting the Middle East, new FinSpy iOS and Android implants, Dtrack banking malware and other security news

Now one can say that only the lazy did not use Hqwar: Kaspersky’s collection of viruses features over 200,000 Trojans packed using Hqwar.

BRATA” is a new Android remote access tool malware family. It exclusively targets victims in Brazil: however, theoretically it could also be used to attack any other Android user if the cybercriminals behind it want to.

Recently, the popular CamScanner – Phone PDF creator app caught our attention. After analyzing the app, we saw that the developer added an advertising library to it that contains a malicious dropper component.

Targeted attacks, malware campaigns and other security news in Q2 2019.

Kaspersky solutions blocked 717,057,912 attacks launched from online resources in 203 countries across the globe, 217,843,293 unique URLs triggered Web Anti-Virus components.

In the first half of 2019, more than 430,000 unique users were attacked by financial threats – seven percent more than during the same period in 2018. The number of financial attacks was 10,493,792 – 93% more than in the first half of 2018.

Since 2011 Kaspersky has continuously monitored the development of FinSpy and the emergence of new versions in the wild. According to our telemetry, several dozen unique mobile devices have been infected over the past year, with recent activity recorded in Myanmar in June 2019.

Riltok is one of numerous families of mobile banking Trojans with standard (for such malware) functions and distribution methods. Originally intended to target the Russian audience, the banker was later adapted for the European “market.

Many people have had a run-in with subscriptions to mobile content providers. They appear out of the blue, and get discovered only when account funds run dry. We recently discovered several apps in Play Market directly related to such intrusive services.

In Q1 2019, Kaspersky Lab solutions blocked attempts to launch one or more types of malware designed to steal money from bank accounts on the computers of 243,604 users and detected attacks using miners on the computers of 1,197,066 users.

Zebrocy and GreyEnergy, four zero-day vulnerabilities in Windows, attacks on cryptocurrency exchanges, a very old bug in WinRAR, attacks on smart devices and other events of the first quarter of 2019.

If someone steals your phone number, you’ll face a lot of problems, especially because most of our modern two-factor authentication systems are based on SMSs that can be intercepted using this technique.

BasBanke is a banking Trojan built to steal financial data such as credentials and bank card numbers, but not limited to this functionality. The propagation of this threat began during the 2018 Brazilian elections, registering over 10,000 installations to April 2019 from the official Google Play Store alone.

One year has passed since we published the first blogpost about the Roaming Mantis campaign, and this February we detected new activity by the group. Here we follow up on our earlier reporting about the group with updates on their tools and tactics.