Security Architecture, Endpoint/Device Security, Endpoint/Device Security, Security Strategy, Plan, Budget, Incident Response, TDR, Threat Management, Threat Management, Endpoint/Device Security, Endpoint/Device Security, Endpoint/Device Security

Kaspersky detects surge in ‘Asacub’ mobile banking trojan attacks

What was once a low-threat, basic spyware trojan has evolved into very powerful banking malware capable of giving hackers near-total control over one's Android device, warned Kaspersky Lab in a news statement and blog post yesterday.

In late 2015, Kaspersky began detecting a sudden surge in infection attempts using this rapidly metamorphosing malware—dubbed Asacub—identifying over 37,000 attacks against online bankers, including 6,500 in Asacub's first week of activity.

But even calling Asacub a banking trojan is understating the scope of the threat. In reality, it has developed into a comprehensive hacking toolset that grants perpetrators remote access to steal data (potentially for theft of funds or blackmail purposes), operate phone functions, redirect calls and install additional malware. For this reason, Kaspersky in its blog post has already called Asacub “one of the most notorious mobile threats in 2016.”

“For us it is the first time we were able to track the evolution of a malware with this level of precision, due to the fact that the author of malware didn't care a lot about the secrecy of his development process and tested a lot of versions in the wild,” explained Roman Unuchek, senior malware analyst at Kaspersky Lab, told  SCMagazine.com.

So far targeting banking customers in the U.S., Russia and Ukraine, the attacks stem from a command-and-control center whose domain is registered to same person or group that also owns domains associated with a Windows-based spyware program called CoreBot. Unuchek told SCMagazine.com that the attackers are using SMS (text message) spam and phishing to “force a user to install this Trojan. In most cases it looks like an app to view images or MMS.”

Kaspersky reported that when it was initially discovered in June 2015, Asacub appeared to be a run-of-the-mill malware program capable of sending SMS messages, as well as uploading browser histories, contacts and lists of downloaded apps onto a malicious server. In July more functionality was added, including intercepting and deleting SMS messages, uploading SMS histories and, most notably, creating a virtual backdoor that allows hackers to execute commands on a device.

By September 2015, the malware was modified yet again to employ phishing screens that mimic mobile banking apps, with the intention of tricking users into inputting their banking credentials for hackers to steal.

The malware's author has also added functionality that enables hackers to take photos, access a device's GPS coordinates, reroute user-made calls to specified numbers and send USSD messages to communicate in real time with a phone's service provider. Generally, USSD requests enable WAP browsing, prepaid callback services, mobile-money services, location-based content services and more.

“Some banks call a user to tell them a temporary password for the transaction. So this malware can redirect such calls using USSD requests,” said Unuchek. “Some banks also allow users to use USSD to transfer money from one account to another. Also, they can use USSD to check the balance of the phone account to find out how much money they can steal by Premium SMS.”

Kaspersky also warned that Asacub grants hackers the ability to install even more malicious code, possibly including ransomware.

Bradley Barth

As director of multimedia content strategy at CyberRisk Alliance, Bradley Barth develops content for online conferences, webcasts, podcasts video/multimedia projects — often serving as moderator or host. For nearly six years, he wrote and reported for SC Media as deputy editor and, before that, senior reporter. He was previously a program executive with the tech-focused PR firm Voxus. Past journalistic experience includes stints as business editor at Executive Technology, a staff writer at New York Sportscene and a freelance journalist covering travel and entertainment. In his spare time, Bradley also writes screenplays.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.