Riltok banking trojan begins targeting Europe

June 25, 2019
  • Get address of cybercriminal C&C server
  • Get configuration file with web injects from C&C, as well as default list of injects
  • Scan for app package names that generated AccessibilityEvent events in the list of known banking/antivirus/other popular apps
  • Set malware as default SMS app
  • Get address of the phishing page that opens when the app runs, and others