Hundreds of different banking Trojans attack Android users, one being Android.SmsSpy.88.origin, which was first spotted in 2014.
Despite seeming outdated, Doctor Web researchers say the popularity rating is still high. Cyber-criminals have made the Trojan more dangerous and capable of performing ransomware functions. The earlier versions of the Trojan were originally designed to intercept text messages, make phone calls, and steal credit card information as well as login credentials from online banking programmes.
“The Trojan is distributed under the guise of a benign application, for example, Adobe Flash Player. Once launched, the Trojan prompts the user to grant it administrator privileges. It then turns on the Wi-Fi module and checks every second whether a Wi-Fi or cellular connection has been established. If no connection is made, Android.SmsSpy.88.origin enables these communication channels once again,” Dr Web researchers said. The Trojan then sends information such as the mobile network operator, OS version, mobile device model and cell phone number to the command and control server.
At first, the Trojan attacked users only in Russia and CIS countries, however as of the start of 2016 more sophisticated versions of the Trojan infect Android devices worldwide. The Trojan has affected users in over 200 countries and at least 40,000 mobile devices, most notably in Turkey (18.29 percent), India (8.81 percent), Spain (6.9 percent), Australia (6.87 percent), Germany (5.77 percent), France (3.34 percent), the US (2.95 percent), Italy (1.99 percent) and Britain (1.53 percent).
Most infected devices were running Android 4.4 (35.17 percent), 5.1 (14.46 percent), 5.0 (14.1 percent), 4.2 (13 percent), and 4.1 (9.88 percent).
Doctor Web advises users to protect smartphones and tablets from the Trojan by: