Security researchers from Cleafy spotted a new Android banking trojan in the wild earlier this month.
Dubbed “Revive” because of its ability to automatically restart in case it stops working, the tool reportedly belongs to a category of malware built for persistent campaigns.
Writing in an advisory on Monday, Cleafy explained that Revive was developed to target specific targets (currently, Spanish banks).
At the same time, the researchers added that the attack methodologies behind Revive are similar to those of other banking trojans, since the malware still abuses Android accessibility services to perform keylogging and intercept the victim's SMS messages.
Delivered via various social engineering techniques, on installation the malicious application would ask users to accept permissions related to SMS and phone calls.
Once the permissions have been granted, Revive would then redirect users to a cloned web page (of the targeted bank) and prompt them to enter their credentials.
These would then be sent to the command and control (C2) infrastructure of the threat actors (TAs), together with any two-factor authentication (2FA) or one-time password (OTP) codes sent via SMS or phone call by the banks.
Finally, Revive would redirect victims to a generic home page with links to the legitimate bank website to avoid alarming users.
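The permission pattern described above (SMS and call permissions combined with an accessibility service) is something a defender can check statically before an APK reaches a device. The following is an added example, not code from Cleafy or from the malware: it triages a constructed AndroidManifest.xml for that combination; the permission names are real Android identifiers, the manifest contents and service name are invented for illustration.

```python
"""Added example: static triage of an Android manifest for the capability mix
the Revive write-up describes (accessibility service + SMS/call permissions).
The manifest below is constructed; the permission strings are real Android ones."""
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
NAME = f"{{{ANDROID_NS}}}name"
PERMISSION = f"{{{ANDROID_NS}}}permission"

# Permissions that enable SMS/OTP interception and phone-call related access.
SMS_PERMS = {"android.permission.RECEIVE_SMS", "android.permission.READ_SMS"}
CALL_PERMS = {"android.permission.CALL_PHONE", "android.permission.READ_CALL_LOG",
              "android.permission.READ_PHONE_STATE"}
# A declared accessibility service must be guarded by this permission.
ACCESSIBILITY_PERM = "android.permission.BIND_ACCESSIBILITY_SERVICE"

def triage_manifest(manifest_xml: str) -> dict:
    """Report which risky capabilities the manifest declares and a verdict."""
    root = ET.fromstring(manifest_xml)
    requested = {p.get(NAME) for p in root.iter("uses-permission")}
    has_a11y = any(s.get(PERMISSION) == ACCESSIBILITY_PERM
                   for s in root.iter("service"))
    findings = {
        "sms": sorted(requested & SMS_PERMS),
        "calls": sorted(requested & CALL_PERMS),
        "accessibility_service": has_a11y,
    }
    # The pattern on the page: accessibility abuse plus SMS interception.
    findings["suspicious"] = has_a11y and bool(findings["sms"])
    return findings

# Constructed manifest for the demonstration (not from any real sample).
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.constructed">
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.CALL_PHONE"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <application>
    <service android:name=".AccessService"
             android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE">
      <intent-filter>
        <action android:name="android.accessibilityservice.AccessibilityService"/>
      </intent-filter>
    </service>
  </application>
</manifest>"""

if __name__ == "__main__":
    print(triage_manifest(SAMPLE_MANIFEST))
```

The same check can be run over a manifest extracted from a real APK (for example with apktool or aapt) to prioritise samples for deeper analysis.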
An initial analysis of Revive's code showed that both of the samples obtained by Cleafy currently have a very low detection rate by antivirus solutions (AVs), probably because they are still under development.
In terms of similarities with existing malware, the security researchers said the malicious actors behind Revive took inspiration from open-source spyware called ‘Teardroid’, since both tools appear to be based on FastAPI, a web framework for building RESTful APIs in Python, and parts of the code of the two malware instances appear to be related.
However, the threat actors behind Revive would have then modified it to perform account takeover (ATO) attacks. Because of this difference, Cleafy classified Revive as a banking trojan and not just spyware.
The discovery of Revive comes days after Cleafy upgraded the classification of the BRATA Android malware family to advanced persistent threat (APT).
Some parts of this report are sourced from:
www.infosecurity-journal.com