New Android Malware that Arrives as a Fake Update

In recent times, both brands and users have increased awareness about the importance of updates. Brands update more and better, and users know that it is important to have the latest version. But precisely this interest is being exploited by cyber-criminals to, once again, try to infect our device.

It was precisely during the pandemic, when attacks related to malware on mobile devices and more specifically on Android have increased. Many users have had to make forced use of tools such as online banking or order more packages at home. This has been used so that cyber criminals devise formulas to take advantage of this situation. Fortunately, almost before the malware can spread, the problem goes viral to raise awareness among the majority of potential victims.

Malware camouflaged as an update

The latest attack that we have been alerted to thanks to MalwareHunter and collected by the ESET laboratory, uses a similar system to the previous ones, but alerting of a new Android update. Since we users know that the new versions of Android include very juicy new features, functions and important security corrections, cybercriminals are trying to infect through this means, with a fraudulent SMS that alerts of a new update available and takes the user to a link where you will download the disguised malware from a legitimate update.

In the first instance, it is possible that it is the system itself that slows down the installation attempt, since installations from unknown sources are disabled by default . However, in many cases this will not be the case, and permission could also be granted at the time to proceed with the installation. Apart from this permission, on many occasions special permissions are requested, such as Accessibility, which makes it difficult to uninstall these types of apps.

malware para android

Theft of sensitive information

This fake Android update is just another banking Trojan, whose purpose is to steal personal and sensitive information related to online banking or even intercept SMS containing temporary one-time codes. The objective is to be able to make money transfers from the victim’s account to other accounts controlled by the attackers, according to ESET.

As this laboratory has been able to find out by analyzing the sample, it appears to be a variant of the Cerberus banking Trojan. Therefore, we could be before the beginning of a new massive campaign or the action of a lone wolf trying to obtain profit. Therefore, as always, we must be wary of any external link that reaches us by SMS and that invites us to download any application.

Source> ESET