Researchers have recently come across a new and improved version of the Gugi banking Trojan. This modified Gugi variant is reported to bypass Android 6's security features even though they are specifically designed to block ransomware and phishing attacks.
The senior malware analyst at Kaspersky, Roman Unuchek, blogged that the Trojan is a member of the Trojan-Banker.AndroidOS.Gugi family, which has been around since December 2015. This new version first appeared on the malware stage in June this year.
The Gugi Trojan steals users' banking credentials from their mobile applications by overlaying banking apps with phishing windows. It also steals credit card data by overlaying the Google Play Store application.
Gugi manages to carry out these overlay attacks by forcing users to grant it the required permission. Android 6 is designed to block such attacks, but that protection does not apply once the permission has been granted by the device's owner.
The Trojan is distributed via SMS spam messages stating: “Dear user, you receive MMS-photo! You can look at it by clicking on the following link”. Following the link, users are led to phishing webpages where the malware is downloaded from.
Once installed, the malware asks for permission to draw over other apps, blocks the screen with a request for ‘Trojan Device Administrator’ rights, and then asks for permission to make calls and send SMS.
If the device's owner declines a permission, the Trojan blocks the phone completely. In that case, all the victim can do is reboot the device in safe mode and try to delete the malware.
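The permission chain described above is also what a defender can look for on a device. The following Python script is an added example, not code from the article or from Kaspersky: it triages an installed-app inventory for an application that has been granted the "draw over other apps" permission (SYSTEM_ALERT_WINDOW), registers a Device Administrator component, and requests SMS or call permissions, all at once. The AppRecord shape and the sample inventory are constructed assumptions; in practice the records would be assembled from the device's package manager output.

```python
"""Added example (not from the article or Kaspersky): flag apps whose
permission profile matches the overlay + device admin + SMS/call pattern."""
from dataclasses import dataclass

# Real Android permission names; the grouping below is this example's own.
OVERLAY = "android.permission.SYSTEM_ALERT_WINDOW"
SMS_PERMS = {
    "android.permission.SEND_SMS",
    "android.permission.RECEIVE_SMS",
    "android.permission.READ_SMS",
}
CALL_PERMS = {"android.permission.CALL_PHONE"}


@dataclass
class AppRecord:
    """Assumed inventory record for one installed package."""
    package: str
    requested: set              # permissions declared in the manifest
    granted: set                # permissions actually granted on the device
    device_admin: bool = False  # registers a Device Administrator receiver


def risk_flags(app):
    """Return the list of risk indicators present on a single app."""
    flags = []
    if OVERLAY in app.granted:
        flags.append("overlay_granted")
    elif OVERLAY in app.requested:
        flags.append("overlay_requested")
    if app.device_admin:
        flags.append("device_admin")
    if app.requested & SMS_PERMS:
        flags.append("sms")
    if app.requested & CALL_PERMS:
        flags.append("call")
    return flags


def is_gugi_like(flags):
    """The combination the article describes: overlay actually granted,
    device admin rights, and SMS or call capability in one package."""
    return (
        "overlay_granted" in flags
        and "device_admin" in flags
        and ("sms" in flags or "call" in flags)
    )


def triage(apps, allowlist=frozenset()):
    """Return (package, flags) for every app matching the pattern,
    skipping packages the operator has explicitly allowlisted."""
    findings = []
    for app in apps:
        if app.package in allowlist:
            continue
        flags = risk_flags(app)
        if is_gugi_like(flags):
            findings.append((app.package, flags))
    return findings


# Constructed sample inventory: a messenger, a screen-filter app, and a
# hypothetical "MMS photo" package resembling the lure described above.
SAMPLE_INVENTORY = [
    AppRecord(
        "com.example.messenger",
        {"android.permission.SEND_SMS", "android.permission.RECEIVE_SMS"},
        {"android.permission.SEND_SMS", "android.permission.RECEIVE_SMS"},
    ),
    AppRecord("com.example.screenfilter", {OVERLAY}, {OVERLAY}),
    AppRecord(
        "com.example.mmsphoto",
        {OVERLAY, "android.permission.SEND_SMS", "android.permission.CALL_PHONE"},
        {OVERLAY, "android.permission.SEND_SMS", "android.permission.CALL_PHONE"},
        device_admin=True,
    ),
]

if __name__ == "__main__":
    for package, flags in triage(SAMPLE_INVENTORY):
        print(f"{package}: {', '.join(flags)}")
```

A messenger that only sends SMS, or a screen-filter app that only draws over other apps, is not reported; only the package that combines all three capabilities is. The allowlist exists because legitimate device-management software can also hold device admin rights together with other sensitive permissions.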
Researchers say the Gugi banking Trojan is quickly gaining popularity. The number of devices attacked by Gugi rose tenfold from April to August. For now, however, the main targets of the malware are Russian users, as more than 93% of all infections have been against people living in that country.
“Cyber-security is a never-ending race. OS systems such as Android are continuously updating their security features to make life harder for cyber-criminals and safer for customers. Cyber-criminals are relentless in their attempts to find ways around this, and the security industry is equally busy making sure they don’t succeed. The discovery of the modified Gugi Trojan is a good example of this. In exposing the threat, we can neutralize it, and help to keep people, their devices and their data safe,” said Unuchek.