Woburn, MA – January 20, 2016 – The Kaspersky Lab Anti-Malware Research team has discovered Asacub, a new malware that targets Android users for financial gain. When first identified, Asacub displayed all the signs of an information stealing malware; however, some versions of the Trojan are targeting users of online banking in Russia, Ukraine and the United States.
With millions of people worldwide using their smartphones to pay for goods and services, 2015 saw cybercriminals exploiting this by developing malicious financial programs for mobile devices. According to Kaspersky Lab research, for the first time, a mobile banking Trojan entered the Top-10 most prevalent malicious programs targeting finances. The Asacub Trojan is yet another example of this worrying trend.
The first version of the Asacub Trojan, discovered in June of 2015, was capable of stealing contact lists, browser history and list of installed apps, sending SMS messages, and also blocking the screen of an infected device. These are all standard functions for a typical information-stealing Trojan. However, in the Fall of 2015 Kaspersky Lab experts discovered several new versions of the Asacub Trojan, showing that it had transformed into a tool for stealing money. For example, the new version included phishing pages that could mimic log-in pages of banking applications.
At first it looked like Asacub was targeting only Russian-speaking users, because the modifications contained fake log-in pages of Russian and Ukrainian banks. After further investigation, Kaspersky Lab experts found a modification with fake pages of a large U.S. bank. These new versions also contained a new set of functions including call redirection and the ability to send USSD requests (a special service for interactive non-voice and non-SMS communications between the user and cellular provider), which made Asacub a very powerful tool for financial fraud.
Although Kaspersky Lab has been aware of several different versions of the Trojan for some time, the company’s threat detection systems found almost no sign of active Asacub campaigns until the end of 2015. Within just one week, Kaspersky Lab identified more than 6,500 attempts to infect users with the malware, making it one of the five most popular mobile Trojans of that week, and the most popular Trojan-Banker to date.
“When analyzing this Trojan, we found that the Asacub malware has connections to criminals with links to a Windows-based spyware called CoreBot. The domain used by Asacub’s Command & Control center is registered to the same person as tens of domains that were used by CoreBot. It is therefore highly likely that these two types of malware are being developed or used by the same gang, who see huge value and criminal gain in exploiting mobile banking users. Based on current trends, we can assume that in 2016, the development and prevalence of mobile banking malware will continue to grow and account for an even greater share of malware attacks. Consumers need to be extra vigilant to ensure they don’t become the next victim,” warns Roman Unuchek Senior Malware Analyst at Kaspersky Lab USA.
To help consumers keep their finances secure and defend against the latest malware threats, Kaspersky Lab products successfully detect and block the Asacub malware.
To learn more about this and other malicious programs, visit Securelist.com.
About Kaspersky Lab
Kaspersky Lab is one of the world’s fastest-growing cybersecurity companies and the largest that is privately-owned. The company is ranked among the world’s top four vendors of security solutions for endpoint users (IDC, 2014). Since 1997 Kaspersky Lab has been an innovator in cybersecurity and provides effective digital security solutions and threat intelligence for large enterprises, SMBs and consumers. Kaspersky Lab is an international company, operating in almost 200 countries and territories across the globe, providing protection for over 400 million users worldwide.
Learn more at www.kaspersky.com.
For the latest in-depth information on security threat issues and trends, please visit:
Securelist | Information about Viruses, Hackers and Spam
Follow @Securelist on Twitter
Threatpost | The First Stop for Security News
Follow @Threatpost on Twitter
Media Contact
Sarah Kitsos
781.503.2615
sarah.kitsos@kaspersky.com
