The Cyber Security News

Android Spyware ‘Revive’ Upgraded to Banking Trojan

June 28, 2022

Security researchers from Cleafy spotted a new Android banking trojan in the wild earlier this month.

Dubbed “Revive” because of its ability to automatically restart in case it stops working, the tool reportedly belongs to a category of malware built for persistent campaigns.

Writing in an advisory on Monday, Cleafy explained that Revive was developed to target specific targets (currently, Spanish banks).


At the same time, the researchers added that the attack methodologies behind Revive are similar to those of other banking trojans, because the malware still exploits accessibility services to perform keylogging and intercept the victim's SMS messages.

Delivered via various social engineering techniques, on installation the Cleafy application would ask users to accept permissions related to SMS and phone calls.

Once the permissions have been granted, Revive would then redirect users to a cloned page (of the targeted bank) and prompt them to enter their credentials.

These would then be sent to the command and control infrastructure (C2) of the threat actors (TAs), along with any two-factor authentication (2FA) or one-time password (OTP) codes sent via SMS or phone call by banks.

Finally, Revive would redirect victims to a generic home page with links to the legitimate bank website to avoid alarming users.

An initial analysis of Revive’s code showed that both of the samples obtained by Cleafy currently have a very low detection rate by antivirus solutions (AVs), possibly because they are still under development.

In terms of similarities with existing malware, the security researchers said the malicious actors behind Revive took inspiration from open-source spyware called ‘Teardroid’, since both tools seem to be based on FastAPI, a web framework for building RESTful APIs in Python, and parts of the code of both malware instances appear to be similar.

However, the threat actors behind Revive would have then modified it to perform account takeover attacks (ATO). Because of this difference, Cleafy classified Revive as a banking trojan and not just spyware.

The discovery of Revive comes days after Cleafy upgraded the classification of the BRATA Android malware group to advanced persistent threat (APT).


Some parts of this report are sourced from:
www.infosecurity-journal.com
