Android.SmsSpy.88: One trojan για Android που ανακαλύφθηκε από την Ρώσικη εταιρεία better safetys Dr.Web, seems to have evolved over the past two years from a simple spyware banking trojan, to a mobile ransomware threat.
Ανιχνεύθηκε για πρώτη φορά τον Απρίλιο του 2014. Το trojan αρχικά μοιραζόταν μέσω SMS spam, και από τη στιγμή που προσγειωνόταν στη device του θύματος, ήταν σε θέση να παρακολουθεί τις τηλεφωνικές κλήσεις και τα μηνύματα SMS, που χρησιμοποιούνται συνήθως από τα συστήματα ελέγχου ταυτότητας δύο παραγόντων.
As time went by, the trojan Android.SmsSpy.88 evolved with the addition of the ability to debug credit card data as the developer managed to emulate logins of popular Russian banking systems on Google Play.
But the biggest update was at the end of 2015. Dr.Web reports that the trojan is now able to fish for credentials from virtually any bank around the world, along with the ability to lock the user's screen and ask for ransom.
This increase in functionality has had an impact on the Trojan distribution model, which instead of SMS spam uses false Adobe Flash Player applications.
Security firm Dr.Web also noticed that the trojan started using a very customizable bank Phishing popup, which allows malware owners to modify the content of the popup much more easily to target any bank they want.
.
The latest versions of Android.SmsSpy.88 require administrator rights, a stable Internet connection, and are full of dangerous features.
The trojan before locking the device sends USSD, MMS, sends SMS spam to all phone contacts, and more.
All of these are managed by C&C servers, and Dr.Web claims to have identified over 50 different management and control servers.
The large number of different C&C servers is explained by the fact that the creator of Android.SmsSpy is extremely busy advertising and renting his infrastructure to other criminals on the Dark Web.
The researchers claim that Android.SmsSpy has victims in 200 countries and infects at least 40.000 mobile devices. These countries include Turkey, India, η Ισπανία, η Αυστραλία, η Γερμανία και η Γαλλία.
The most targeted version is Android 4,4 (35,71%), but Android.SmsSpy.88 can hit almost all Android versions from 2.3 to 5.2.
