SpyLocker’s malicious script collects debit and credit card data from Android mobile devices.
With the increasing use of smartphones, cyber criminals are wasting no time in finding ways to make money out of it. A new, sophisticated threat has been detected recently: the Android banking Trojan SpyLocker. When it first appeared, it was distributed as a fake Adobe Flash Player and targeted customers of banks in Australia, New Zealand, and Turkey. Recently, however, security experts have raised the alarm about new updates to SpyLocker, reporting changes both to its target base and to its method of distribution. SpyLocker now uses not only malicious websites that fake a Flash Player update but also hacked WordPress and Joomla websites that distribute a “porn player” malware.
A drive-by download of a file named “pornvideo.apk” starts immediately when unsuspecting users land on the compromised website. SpyLocker also uses adult sites to trick users into visiting the infected page and triggering the automatic download of the malicious script. Despite the name of the downloaded file, once installed on the device SpyLocker appears as a Flash Player icon or, in the most recent infections, as an update icon.
That icon disappears from the home screen as soon as the app is executed. SpyLocker then keeps asking for device administrator rights. This way it gains control over the mobile device and makes its removal difficult. If the victim tries to deactivate the malware app, it locks the device and prevents the user from clicking the deactivation option.
Security experts warn that SpyLocker has lately been actively targeting banking and financial apps in Europe. Users in Poland, France, Italy, the United Kingdom and even Russia have been detected as potential targets, experiencing variants of phishing attacks related to this banking Trojan.
SpyLocker’s malicious script collects the debit and credit card data and account credentials of victims who use banking apps on their infected Android mobile devices. It also constantly sends the collected data to a remote server, compromising the users’ security and disclosing the gathered data to the cybercriminals. In addition, it monitors the Google account and popular apps such as Instagram and eBay in order to display a phishing page and steal users’ credentials.
To stay away from such threats, it is important for users to be informed. Bear in mind that Android threats are constantly evolving. Banking Trojans like SpyLocker are frequently updated: their authors add new targets, switch distribution methods, and implement more sophisticated phishing techniques in order to collect even more data from their victims. Of course, these actions help cybercriminals get rich from their criminal deeds and steal users’ hard-earned money. If you are concerned about your privacy, our “How to remove” team would advise you to protect yourself by installing security software on your mobile device. It is also good to remember that Android updates are never delivered via automated file downloads when you visit a website. And last, but not least, do not trust apps that are downloaded from unknown sources.