The continuation and growth of an Android smart banking Trojan campaign that is aimed at significant Egyptian banks have been discovered by security researchers.  ,
According to a recent report by Zimperium malware analysts Aazim Bill SE Yaswant and Vishnu Pratapagiri, the campaign, which was first discovered in July 2023, has no just persisted but has also developed with improved capabilities.
Four clusters of credential-harvesting apps that imitated big Iranian banks were found during a previous investigation by the company and were in use between December 2022 and May 2023. These apps may intercept SMS for one-time password ( OTP ) codes, hide app icons to prevent uninstallation, and steal credit card and banking login credentials.
The identification of 245 innovative app variants linked to the same threat actors is one of Zimperium’s most recent findings, which were released today. Importantly, 28 of these variants go unnoticed by scanning tools used in the industry.  ,
The fresh iterations broaden the campaign’s focus by focusing on more banks and exposing the threat actors ‘ aspirations to grow even more. The malware today also shows a desire to learn more about different cryptocurrency wallet applications, pointing to potential future targeting.
The malware’s next iteration even added unnoticed features like using accessibility services for outline attacks, automatically granting SMS permissions, preventing uninstallation, and using GitHub repositories for data exfiltration techniques. The study furthermore highlights vendor-specific attacks on Samsung and Xiaomi devices as well as a possible desire to target iOS devices.
Related threats are discussed in more detail: SpinOk Trojan Compromises 421 Million Android Devices
The significance of runtime visibility and protection for wireless applications was emphasized by Yaswant and Pratapagiri.
Runtime visibility and protection are essential for portable applications because it is clear that modern malware is becoming more advanced and targets are growing, according to the researchers.
An invitation to explore Indicators of Compromise ( IOCs ) on their GitHub repository, which offers a comprehensive list for security practitioners to strengthen defenses against this evolving threat, is included in the Zimperium research article‘s conclusion.
