Android banking malware distributed through vishing attacks

Voice phishing attacks have been leveraged by threat actors to target Italian online banking users with the Copybara Android banking trojan, according to The Hacker News. Malicious telephone-oriented attack delivery campaigns using Copybara are believed to have begun last November, when the mobile trojan was initially identified, a report from ThreatFabric showed. Threat actors have been impersonating bank support agents to convince individuals on the other side of the call to download and allow permissions for a security app that installs Copybara, which could exploit the accessibility services API of the operating system to facilitate sensitive data collection. Researchers also found that attackers have bene using infrastructure that enables the distribution of SMS Spy malware, which could access and intercept bank-sent messages and one-time passwords. "Such attacks require more resources on [threat actors'] side and are more sophisticated to perform and maintain. We also like to point out that targeted attacks from a fraud success perspective are unfortunately more successful, at least in this specific campaign," said ThreatFabric's Mobile Threat Intelligence team.