News Item

Nasty Mobile Banking Trojan Gets Ransomware Features, Starts Targeting U.S. Users

PCWorld, By Lucian Constantin

An Android Trojan program originally designed to steal mobile banking credentials from Russian users was recently retrofitted with ransomware functionality and has started infecting users in the U.S., using photos of its victims to intimidate them into paying a fictitious FBI fine.

Known as Svpeng, the Trojan program was first detected almost a year ago targeting customers of Russia’s three largest banks, according to security researchers from antivirus vendor Kaspersky Lab. Its initial variants detected when users opened the targeted mobile banking apps and displayed a fake login screen to capture log-in credentials. A similar technique was used to collect credit card details when users opened Google Play.

“At the beginning of 2014, we detected a new modification of Svpeng with ransomware capabilities,” said Roman Unuchek, a senior malware analyst at Kaspersky Lab, in a blog post Wednesday. “When instructed by its server, the malware attempted to block the user’s phone and display a message demanding payment of a US$500 ‘fee’ for alleged criminal activity.” Read more.