The page may not load correctly.
An analysis of the technologies used by cybercriminals allows us to draw conclusions about the virus industry’s possible vectors of development and more effectively confront future threats. You, too, can learn what actions various malicious programs take in infected systems and how to withstand them.
A banking Trojan family for Android mobile devices intended to steal logins and passwords to access online banking services using fake authorization forms. The Trojans of this family also covertly steal money from users’ bank accounts. The Android.ZBot malware can be downloaded under the guise of a benign program once a user visits fraudulent or hacked websites, or another malicious application can download it to a device.
The Trojans can execute the following actions:
The server sends instructions to the Android.ZBot Trojans that specify the applications on top of which a phishing message is to be shown. Then they periodically begin to check whether the corresponding applications are running. Once one of such applications is launched, the banking Trojans create a special input form, the content of which is downloaded from the server, and display it on top of the application. Such fake dialogs often imitate authorization forms of online banking applications. Logins and passwords that were entered by a user are sent to the command and control server. If the victim tries to close the bogus dialog, the Android.ZBot Trojans redirect the user to the home screen creating an illusion that this prompt really belongs to the corresponding legitimate application.
According to statistics, every fifth program for Android contains a vulnerability (or, in other words, a "loophole") that lets cybercriminals successfully introduce Trojans onto mobile devices and manipulate them into doing whatever actions they need them to.
Dr.Web Security Auditor for Android diagnoses and analyses a mobile device’s security and offers solutions to address security problems and vulnerabilities.