Your browser is obsolete!

The page may not load correctly.

Free trial
Dr.Web for Android

Defend what you create

Other Resources

Close

Library
My library

+ Add to library

Contact us
24/7 Tech support

Send a message

Call us

+7 (495) 789-45-86

Forum
Profile

Back to news

Dangerous Trojan steals credit card information from Android devices

July 16, 2014

Doctor Web is issuing a warning to Android handheld owners about a new Trojan that can steal information about the credit cards they use when making transactions on Google Play.. The malware is spread in the guise of a Flash player and lures users into divulging their bank account details, which may enable criminals to steal money from the corresponding account.

Dubbed Android.BankBot.21.origin by Doctor Web and distributed under the guise of Adobe Flash Player, the malware is designed to steal credit card information and to send and intercept SMS messages.

Once the Trojan has been installed and launched, it attempts to gain administrator privileges by displaying a corresponding system request every 0.1 seconds, giving users virtually no chance to decline it. In this way the malicious program guarantees itself a certain level of protection against its possible future removal.

screen

In order to get hold of credit card information, Android.BankBot.21.origin checks the availability of an active Google Play application window. If one is present, the malware displays a standard credit card information form used to associate a credit card with an account.

screen screen screen

All the submitted information, such as the card number, expiration date and CVC code, and the address and phone number of the cardholder, is transmitted to the attackers' server. In addition, information about the infected device, including the handset model, IMEI, OS version, list of installed application and the contents of all the available short messages, also ends up on the criminals' server.

screen

Apart from serving its main purpose—stealing valuable financial information—Android.BankBot. 21.origin can carry out a number of other actions when commanded by the attackers to do so. These commands can be sent directly by the control server as well as via short messages. In particular, the Trojan can intercept all incoming SMS messages and can also send specific text messages to certain numbers.

There are indications that this malicious program can be used by cybercriminals to automatically debit bank accounts, so Android handheld owners must take extra care and refrain from installing suspicious applications.

Dr.Web for Android detects and easily neutralises this threat.

Tell us what you think

You will be awarded one Dr.Webling per comment. To ask Doctor Web’s site administration about a news item, enter @admin at the beginning of your comment. If your question is for the author of one of the comments, put @ before their names.


Other comments

The Russian developer of Dr.Web anti-viruses

Doctor Web has been developing anti-virus software since 1992

Dr.Web is trusted by users around the world in 200+ countries

The company has delivered an anti-virus as a service since 2007

24/7 tech support

© Doctor Web
2003 — 2017

Doctor Web is the Russian developer of Dr.Web anti-virus software. Dr.Web anti-virus software has been developed since 1992.

2-12А, 3rd street Yamskogo polya, Moscow, Russia, 125040