Brother
Professional
- Messages
- 2,590
- Reaction score
- 539
- Points
- 113
A new version of the BianLian malware - cybercriminals have modified the Trojan, equipping it with additional capabilities to attack banking applications. Fortinet experts examined the new malware instance in detail.
According to experts, BianLian can now record the screen of an Android device, which helps cybercriminals to steal the credentials of online banking users.
During the installation process, BianLian attempts to obtain permission to use Accessibility Services. As soon as the user grants him access, the attack phase begins.
The malicious program can record any windows of financial applications using the screencast module, for which BianLian requires separate rights in the Android system. Thus, the entire process of entering a username, password, and payment card data is recorded and handed over to the attackers.
Previously, BianLian served as a dropper for another malware - Anubis. Its initial characteristics allow it to bypass detection by various protective mechanisms. For example, BianLian can infiltrate Google Play.
According to a Fortinet report, this is the list of attacked banking applications:
