
Asacub Android Trojan: From Information Stealing to Financial Fraud

January 20, 2016


Kaspersky Lab’s Anti-Malware Research team has discovered Asacub – a new piece of malware that targets Android users for financial gain. When first identified, Asacub displayed all the signs of information-stealing malware; however, some versions of the Trojan target users of online banking in Russia, Ukraine and the US.

With millions of people worldwide using their smartphones to pay for goods and services, 2015 saw cybercriminals exploit this by focusing their efforts on developing malicious financial programs for mobile devices. For the first time, a mobile banking Trojan entered the Top-10 most prevalent malicious programs targeting finances. The Asacub Trojan is yet another example of this worrying trend.

The first version of the Asacub Trojan, discovered in June 2015, could steal contact lists, browser history and the list of installed apps, send SMS messages to given numbers and block the screen of an infected device – all standard functions for a typical information-stealing Trojan.

However, in autumn 2015 Kaspersky Lab’s experts discovered several new versions of the Asacub Trojan which confirmed its transformation into a tool for stealing money, with the new version equipped with phishing pages mimicking log-in pages of banking applications. At first it looked like Asacub was targeting only Russian-speaking users, because the modifications contained fake log-in pages of Russian and Ukrainian banks. But after further investigation, Kaspersky Lab’s experts found a modification with fake pages of a large US bank. These new versions also contained a new set of functions including call redirection and sending USSD requests (a special service for interactive non-voice and non-SMS communications between the user and cellular provider), which made Asacub a very powerful tool for financial fraud.

Although Kaspersky Lab has been aware of several different versions of the Trojan for some time, the company’s threat detection systems found almost no sign of active Asacub campaigns until the end of 2015. Within just one week, Kaspersky Lab identified more than 6,500 attempts to infect users with the malware, making it one of the 5 most popular mobile Trojans of that week, and the most popular Trojan-Banker.

“When analyzing this Trojan, we found that the Asacub malware has connections to criminals with links to a Windows-based spyware called CoreBot. The domain used by Asacub’s Command & Control center is registered to the same person as tens of domains that were used by CoreBot. It is therefore highly likely that these two types of malware are being developed or used by the same gang, who see huge value and criminal gain in exploiting mobile banking users. Based on current trends, we can assume that in 2016, the development and prevalence of mobile banking malware will continue to grow and account for an even greater share of malware attacks. Users need to be extra vigilant to ensure they don’t become the next victim,” warns Roman Unuchek, Senior Malware Analyst at Kaspersky Lab USA.

To help users keep their finances secure and defend against the latest malware threats, Kaspersky Lab products successfully detect and block the Asacub malware.

To learn more about this and other malicious programs, visit Securelist.com.


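About Kaspersky

Kaspersky is a global cybersecurity and digital privacy company founded in 1997. Kaspersky continually transforms its deep threat intelligence and security technologies into innovative security solutions and services that protect businesses, critical infrastructure, governments and consumers around the globe. The company offers a comprehensive security portfolio that includes leading endpoint protection, a range of specialized security solutions and services, and Cyber Immune solutions for countering sophisticated and evolving digital threats. More than 400 million users worldwide protect themselves with Kaspersky technologies, and we also help 200,000 corporate clients around the world protect what matters most. To learn more, visit www.kaspersky.com.cn.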
