This Android malware poses as an antivirus developed by Russian intelligence

A new virus has been hitting Android for months. It carries out targeted cyberattacks by posing as an antivirus developed by the Federal Security Agency of the Russian Federation.

Dr. Web researchers have spotted a new virus specializing in attacks on Android, “Android.Backdoor.916.origin”. The malware is currently targeting Russian business leaders, the experts say. These are targeted cyberattacks, carried out by as-yet-unknown hackers. The malware is used in “occasional attacks” rather than for “mass distribution”.

To get onto its targets' phones, the virus passes itself off as an antivirus. This is a classic strategy for malicious software: it lulls users' distrust and gains access to all of a system's functions.

The virus nevertheless stands out by claiming to have been developed by the Federal Security Agency of the Russian Federation. A direct successor to the KGB, the agency is responsible for carrying out surveillance and espionage operations, whether in Russia or against foreign countries. The cybercriminals “try to pretend to be security software allegedly associated with the Russian police forces”, explains Dr. Web. In reality, the virus is not linked to the Kremlin's intelligence services.

A formidable spy virus

Once on the victim's smartphone, the virus first imitates the functions of a real antivirus. It claims that a scan of the whole smartphone is in progress. Once the scan is finished, the malware claims that a threat was discovered on the phone. Again, this is a widespread tactic among malware to pressure targets into complying with its requests. This is how it obtains a large number of permissions on the system. For example, it requests access to SMS, the camera and geolocation. These requests should raise suspicion.

With these permissions, it spies on all conversations, films through the phone's camera, records everything typed on the keyboard, and exfiltrates data from messaging apps and browsers. In a short time, it seizes a mountain of data, including potentially sensitive information such as identifiers and passwords. The malware was first spotted last January. Since then, the researchers have identified several versions of the virus, which shows that the operation is constantly evolving.

Source: Dr Web