Cybercrime continues to advance by leaps and bounds, practically in step with technology, and its methods for accessing computer systems are becoming more and more sophisticated. Hackers focus mainly on mobile phones, since they are the means of communication we use most every day and where we enter the most personal information. In this case, one of the most dangerous pieces of malware in existence is bypassing Android security and attacking banking data.
Sometimes we find ourselves inside a bubble in which hackers have trapped us, and we don't realize how exposed we are. Simply by entering our private data in any application, we can become victims of cybercrime, although, fortunately, this does not happen every day. Therefore, to burst this bubble, you need enough knowledge to avoid these cyber attacks.
However, these attacks cannot always be identified, since the tools that criminals use to carry them out are increasingly imperceptible. Without a doubt, the biggest attacks are suffered through our smartphones, the most convenient way to inject Trojans and bring all our information to light. Below, we detail which Trojan is causing the most headaches and how it makes Android its main focus.
The most dangerous Android banking malware
Among the Trojans that are most difficult to detect, SoumniBot is one of the most threatening that exists today, and one of its latest campaigns has managed to evade the security measures of the Android operating system and extract the confidential information of thousands of users. Luckily, in Spain we can take a deep breath, since this malware is aimed at mobile devices in Korea.
The cybersecurity company Kaspersky was in charge of alerting the Korean population and those responsible at Google, who have analyzed in depth all of its dark maneuvers. Specifically, one of the files present in the root of each application, called AndroidManifest.xml, which contains various permissions and data, has been manipulated to trick security tools, so that the application runs on the devices and then raises no conflict when it is analyzed.
The hackers implemented a different configuration of the application code that caused great confusion for the antivirus, so that they had free rein to attack their victims. In this way, the user's entire profile was collected for a certain time, and in just 15 seconds they managed to obtain their phone number, photographs, videos, bank accounts, IP addresses, etc.
However, Kaspersky has indicated that it is still investigating the origin of SoumniBot and analyzing all the details, since it is not clear how it manages to get onto the devices, but the possibility that it arrives through APK applications from third-party Android stores and suspicious websites is being considered. And so that users do not realize that the malware has been installed on their devices, its icon is hidden to make it more difficult to remove.
For now, and even though this type of virus has not crossed the border, it is best to take the necessary precautions and not install applications from outside the Android Play Store.