Will Microsoft force you to upgrade to Windows 11 this year?

They discover a new malware on Android capable of stealing your bank details

A week ago a new banking malware appeared on Android devices.

Currently we use our smartphone for practically all day-to-day tasks, something that is very beneficial because with our mobile we can have our schedule organized, talk with our friends and family and even manage our bank accounts.

But the fact of being constantly connected is also a risk when we talk about sensitive data such as bank details since a week ago they just discovered a new malware on Android that is capable of stealing your bank details.

They discover a new malware on Android capable of stealing your bank details

A new banking Trojan is detected on Android

We already talked to you about the access paths of malware on Android and even about helper, a malware that is impossible to eliminate even if you reset your device to factory settings and almost a week ago, on Thursday, January 7 , a new malware appeared on Android that it can steal your bank details.

So as we have in Hispasec.com got both Virus Total as Kodu's a new banking Trojan dedicated to steal banking credentials from users who install on their terminals.

They discover a new malware on Android capable of stealing your bank details.

At the moment there is no evidence that this new malware belongs to any of the current banking malware families on Android such as Cerberus and Anubis Bankbot and everything seems to indicate that it is a totally new family. On the other hand, the Twitter account Malware Hunter Team also published a tweet indicating the hash of the sample and the images of the detections of the different security solutions for Android.

How does this new malware work?

Once the user opens the malicious application, this banking malware for Android takes advantage of the accessibility permissions that they request once the user opens the application and this allows said malware to install an accessibility service in the terminal to which all are notified accessibility events such as button presses or changes to text fields.

In this way, at the moment in which an event occurs, this malware receives the associated information allowing it to know if a banking application has been opened, in which case it proceeds to .show a web view with a phishing form that simulates the window of real login of the bank

How can we protect ourselves from this new malware?

From what we have been able to know, most of the banks affected by this Trojan are from our country, although there are also some German banks.

This malware is usually distributed through fraudulent web pages that appear as fake updates to a media player, so we recommend not installing applications from sources other than the Google Play Store.