Android users: beware ‘Invisible Man’ malware disguised as Flash

By | August 3, 2017

Source: Sophos Naked Security

Android users have a new threat to worry about: keylogging malware that masquerades as a bogus Flash update and steals banking data. Needless toQualTech Endpoint Security with Sophos | QualTech360MobileSecure say, criminals in possession of your credentials will happily suck your bank accounts dry.

SophosLabs detects the malware as Andr/Banker-GUA and is blocking it from customers. Also known as “Invisible Man,” the malware is a variant of Svpeng whose original authors fell foul of Russia’s Ministry of the Interior in 2015.

The malware starts by checking your phone’s language settings. If the phone is set to Russian, the malware aborts. If it’s anything else then it proceeds to ask permission to use accessibility services.

Accessibility services are there to help users with disabilities but the access they allow can also be used for malicious ends.

Invisible Man uses accessibility services to draw things on your screen above other apps, and to install itself as the default SMS app.

That ability to draw something on screen above other apps is used to create invisible overlays that sit above legitimate banking apps. The overlay intercepts keystrokes the victim thinks they’re typing into the app underneath such as usernames and passwords.

Read more here.

You are not protecting your mobile devices you should consider endpoint security services to protect your for mobile devices.

#QualTech360Care #EndpointProtection #Critical Infrastructure #QualTech360Secure #QualTech360MobileSecure

Leave a Reply