Group-IB, a company engaged in the prevention and investigation of cybercrime, has recorded a new wave of mass distribution of Trojans masquerading as the Android mobile applications of leading Russian banks, the company said.
Specialists at Group-IB's Center for Responding to Information Security Incidents (CERT-GIB) note that Trojans designed for mobile devices running Android OS are being distributed not through the official Google Play store, but through advertisements in search engines. Users who entered a search query to download a bank's application were shown, on the first pages of results, advertisements offering to install the service. Clicking the link redirected them to third-party resources, where they were offered a mobile application download that concealed a banking Trojan.
As the company explained to RIA Novosti, analysts identified about ten well-prepared resources that mimicked the applications of Russian banks from the top 10. Group-IB is promptly blocking these services, and employees of the search services are removing the advertisements with dishonest content.
In the course of further investigation, the company's experts identified a link between the distributor of these malicious banking applications and the author of fraudulent resources for the sale of air tickets that were popular in 2016 and at the beginning of 2017.
"It is worth noting that the quality of fake applications, both in design and in the mechanics of infection, is constantly growing, which confuses many users who do not pay attention to critical details: the domain name, redirection to a third-party resource," said the head of CERT-GIB Alexander Kalinin.
According to the company, in the 2016-2017 fiscal year the damage to individuals from Android banking Trojans in Russia grew by 136 percent and amounted to 14 million dollars. By comparison, the damage from such Trojans for personal computers is 30 percent less.