Nasty Mobile Banking Trojan Gets Ransomware Features, Starts Targeting U.S. Users
PCWorld, By Lucian Constantin
An Android Trojan program
originally designed to steal mobile banking credentials from Russian users was
recently retrofitted with ransomware functionality and has started infecting
users in the U.S., using photos of its victims to intimidate them into paying a
fictitious FBI fine.
Known as Svpeng, the Trojan program was first detected almost a
year ago targeting customers of Russia’s three largest banks, according to
security researchers from antivirus vendor Kaspersky Lab. Its initial variants
detected when users opened the targeted mobile banking apps and displayed a
fake login screen to capture log-in credentials. A similar technique was used
to collect credit card details when users opened Google Play.
“At the beginning of 2014, we detected a new modification of
Svpeng with ransomware capabilities,” said Roman Unuchek, a senior malware
analyst at Kaspersky Lab, in a blog post Wednesday. “When instructed by its
server, the malware attempted to block the user’s phone and display a message
demanding payment of a US$500 ‘fee’ for alleged criminal activity.” Read more.