Residents of Uzbekistan have become the main target of the Trojan, but the geography of attacks continues to grow.
A new malware campaign has been spotted in Uzbekistan spreading Android malware called Ajina.Banker. Discovered by Group-IB specialists in May 2024, this Trojan has been active since November 2023 and currently has about 1400 unique versions.
Ajina.Banker gets its name from the mythical Uzbek spirit known for its cunning and ability to take on different guises. The attackers mirror this talent for disguise by presenting the malware as popular applications such as banking services and government portals. This allows them to trick users into willingly installing the Trojan on their devices.
The main way Ajina.Banker spreads is through social engineering via the Telegram messenger. Hackers create numerous accounts from which they send links to malicious files. These files are disguised as enticing offers, promotions, or even applications from tax authorities. As a result, users, succumbing to the promises of "lucrative rewards" or "exclusive access", install the malware, unaware of its true nature.
The attack mechanism also involves sending messages with attached malicious files directly, without further explanation. Attackers actively use different channels to distribute the Trojan, thereby bypassing the built-in security systems of some chats.
According to the researchers, Ajina.Banker is not limited to attacks in Uzbekistan. The Trojan also collects data on financial apps in countries such as Armenia, Azerbaijan, Kazakhstan, Kyrgyzstan, Russia, and even Iceland. In addition, the program gains access to SIM cards and intercepts incoming SMS messages, including two-factor authentication (2FA) codes, which creates additional risks for users.
Group-IB research has shown that Ajina.Banker has several versions, which indicates its active development. The latest versions of the Trojan are capable of stealing phone numbers, bank card details, and PIN codes, making it extremely dangerous.
Interestingly, Ajina.Banker operates on the model of an affiliate program: the core group manages the infrastructure, and distribution and attacks are carried out through a network of partners who receive a share of the stolen funds.
Security experts recommend that users be extremely careful when receiving suspicious messages and downloading applications. You should only use trusted app stores, such as Google Play, carefully check app permissions, and install security software to prevent such threats.
Source
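The advice to check app permissions can be turned into a quick triage of an APK received outside an app store. The sketch below is an added example, not code from Group-IB or the original article: it parses output in the format printed by the Android SDK's `aapt dump permissions` and flags a package whose permissions cover both behaviours described above (SMS interception and SIM/phone-number access). The behaviour-to-permission mapping, the sample outputs and the package names are assumptions constructed for illustration.

```python
import re

# Assumed mapping from behaviours the article names to standard Android
# permissions (not taken from the Group-IB report).
BEHAVIOUR_PERMS = {
    "intercept incoming SMS, including 2FA codes": {
        "android.permission.RECEIVE_SMS", "android.permission.READ_SMS"},
    "read SIM and phone-number data": {
        "android.permission.READ_PHONE_STATE",
        "android.permission.READ_PHONE_NUMBERS"},
}
# aapt prints either name='x.y.Z' (newer builds) or a bare x.y.Z (older ones).
PKG_RE = re.compile(r"^package:\s*(?:name=)?'?([\w.]+)")
PERM_RE = re.compile(r"^uses-permission(?:-sdk-\d+)?:\s*(?:name=)?'?([\w.]+)")

def parse_aapt_permissions(text):
    """Return (package, set of requested permissions) from aapt output."""
    package, perms = None, set()
    for line in map(str.strip, text.splitlines()):
        if (m := PKG_RE.match(line)):
            package = m.group(1)
        elif (m := PERM_RE.match(line)):
            perms.add(m.group(1))
    return package, perms

def triage(text):
    """Flag an APK whose permissions allow every behaviour in the mapping."""
    package, perms = parse_aapt_permissions(text)
    hits = {name: sorted(perms & wanted)
            for name, wanted in BEHAVIOUR_PERMS.items() if perms & wanted}
    return {"package": package, "behaviours": hits,
            "flag": len(hits) == len(BEHAVIOUR_PERMS)}

# Constructed samples; package names are made up for illustration.
SAMPLE_LURE = """package: uz.example.bonus_offer
uses-permission: name='android.permission.INTERNET'
uses-permission: name='android.permission.RECEIVE_SMS'
uses-permission: name='android.permission.READ_SMS'
uses-permission: name='android.permission.READ_PHONE_NUMBERS'
"""
SAMPLE_BENIGN = """package: org.example.flashlight
uses-permission: android.permission.CAMERA
uses-permission: android.permission.INTERNET
"""

if __name__ == "__main__":
    for sample in (SAMPLE_LURE, SAMPLE_BENIGN):
        print(triage(sample))
```

A flag is a prompt to check where the file came from and whether the app has any reason to read SMS; legitimate messaging apps request the same permissions.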