A new form of a mobile Trojan virus appears to target online banking, and it potentially could place multiple banks’ customers at risk. More than 100 million Americans use mobile banking.
Kaspersky Lab says is has detected the malicious software, called Svpeng, operating in the U.S. and UK. It combines the functionality of financial malware with ransomware capabilities.
This is the first time that Svpeng, a famous money-stealing mobile Trojan in Russia, has turned its attention to other markets, according to Kaspersky’s June 16 announcement.
Though the malware does not steal credentials, Kaspersky believes it will eventually because Svpeng simply is a modification of a well-known Trojan used mainly for stealing money. The Trojan’s code contains some mentions of the Cryptor method, which has not yet been used, so it is likely that it will soon be utilized for file encryption, the company said.
The Trojan checks a user’s phone for a list of certain financial applications, where it starts stealing login and password data for online banking, as it does now among Russian bank accounts.
It is impossible to repel an attack of American Svpeng if a mobile device doesn’t have a security solution, and the malware will block the device completely, Roman Unuchek, Kaspersky Lab senior malware analyst, said in a statement. “If it happens to you, you can do almost nothing,” he said. “The only hope for unlocking the device is if it was already rooted before it was infected; then it could be unlocked without deleting the data."
Another option to remove the Trojan for phones not rooted is to boot into “Safe Mode” and erase all data on the phone only, while SIM and SD cards will stay untouched and uninfected, he said.
English-language Svpeng currently checks the presence of the following applications on a victim’s device: USAA Mobile, Citi Mobile, Amex Mobile, Wells Fargo Mobile, Bank of America Mobile Banking, TD App, Chase Mobile, BB&T Mobile Banking, and Regions Mobile. It then locks the screen of the mobile device with the imitation of an FBI penalty notification letter and demands $200 in the form of Green Dot’s MoneyPak cards, according to Kaspersky.
"Today, we see that more than 91 percent of attacks using this Trojan target English-language users based in U.S. and UK. The other 9 percent targets India, Germany and Switzerland,” Kaspersky Lab said. “It could soon reach other English-speaking countries and even other languages."