Cleafy cybersecurity researchers have just discovered a new banking malware called Revive. This trojan, which is spreading rapidly at the time of this writing, can be relaunched at will by hackers in the event of an unexpected detection or shutdown, which makes it very dangerous malware.
Not a week goes by without new malware threatening billions of Android device users around the world. Among the latest threats are the BRATA malware, capable of spying on customer messages sent through their banking application, and SMS Factory, an Android Trojan that can blow up your phone bill.
This time, we owe the discovery to Cleafy’s cybersecurity researchers, who noted the existence of a new malware called “Revive”. For now, the first cases have been reported in Spain around June 15, but everything indicates that the malware could spread rapidly outside Spain’s borders, in particular through phishing campaigns.
Revive, the immortal malware
The malware doesn’t get its name by accident: it is a direct reference to its main strength. If the malware becomes inoperative, either due to user actions or a bug, hackers are able to remotely reactivate it at their convenience and strengthen their grip on the infected device. This makes “Revive” particularly resistant and all the more harmful.
As a banking Trojan, “Revive” currently targets users of BBVA (Banco Bilbao Vizcaya Argentaria), a multinational banking group based in Madrid and Bilbao. The procedure is straightforward, since the hackers opted for a classic phishing campaign.
BBVA customers receive fake emails, SMS or WhatsApp messages purporting to come from the bank. They are notified of the launch of a new application and are invited to download it via a link external to the Play Store or the App Store.
Revive can capture keystrokes and intercept SMS 2FA codes
During installation, the program requests access to many features, such as the ability to observe touch controls performed on the screen, or access to the microphone and the camera. The malware can thus monitor all the victim’s actions, including on all installed apps.
Also note that “Revive” is able to capture keystrokes and intercept SMS messages carrying the one-time codes used for two-factor authentication. “When the victim opens the malicious application for the first time, Revive asks the user to accept two permissions related to SMS and calls. Next, a clone of the login page of the target bank is displayed, and if the user enters their credentials, they are passed to the monitoring server,” explain the researchers.
To protect yourself, the recommendation is simple: never agree to download an app, including a banking app, from outside a secure app store like the Play Store or the App Store. Banking app updates will still be delivered through these stores.
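For defenders managing a fleet of Android devices, the traits described above (installation from outside a store, SMS and call permissions, microphone and camera access) can be turned into a simple triage rule. The following Python sketch is an added example, not code from Cleafy or from the malware analysis; the inventory record format, the scoring threshold and all package names are assumptions constructed for illustration.

```python
# Added example: triage an installed-app inventory for the traits described above.
# The record format and every package name below are constructed for illustration.
TRUSTED_INSTALLERS = {"com.android.vending"}  # installer package of Google Play
SMS_PERMS = {"android.permission.RECEIVE_SMS", "android.permission.READ_SMS"}
CALL_PERMS = {"android.permission.READ_PHONE_STATE", "android.permission.CALL_PHONE",
              "android.permission.READ_CALL_LOG"}
SENSOR_PERMS = {"android.permission.RECORD_AUDIO", "android.permission.CAMERA"}

def assess(app):
    """Return (score, reasons) for one inventory record."""
    perms = set(app.get("permissions", []))
    sideloaded = app.get("installer") not in TRUSTED_INSTALLERS
    reasons = []
    if sideloaded:
        reasons.append("installed from outside a trusted store")
    if perms & SMS_PERMS:
        reasons.append("can read incoming SMS, including 2FA codes")
    if perms & CALL_PERMS:
        reasons.append("requests call-related permissions")
    if perms & SENSOR_PERMS:
        reasons.append("requests microphone or camera")
    score = len(reasons)
    # SMS access alone is common (messaging apps). Treat it as a strong signal
    # only when the app also arrived from outside a trusted store.
    if not (sideloaded and perms & SMS_PERMS):
        score = min(score, 1)
    return score, reasons

def triage(inventory, threshold=3):
    """Return (package, score, reasons) for records at or above threshold."""
    flagged = [(a["package"], *assess(a)) for a in inventory]
    return sorted((f for f in flagged if f[1] >= threshold), key=lambda f: -f[1])

SAMPLE = [  # constructed records
    {"package": "com.example.bank", "installer": "com.android.vending",
     "permissions": ["android.permission.CAMERA"]},
    {"package": "com.example.messenger", "installer": "com.android.vending",
     "permissions": ["android.permission.RECEIVE_SMS", "android.permission.READ_SMS",
                     "android.permission.READ_PHONE_STATE", "android.permission.CAMERA"]},
    {"package": "com.example.newbankapp", "installer": None,
     "permissions": ["android.permission.RECEIVE_SMS",
                     "android.permission.READ_PHONE_STATE"]},
    {"package": "com.example.game", "installer": None,
     "permissions": ["android.permission.CAMERA"]},
]

if __name__ == "__main__":
    for package, score, reasons in triage(SAMPLE):
        print(package, score, "; ".join(reasons))
```

On the constructed sample, only the sideloaded app that also requests SMS and call permissions is flagged; the store-installed messenger with the same SMS permissions is not.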
Source: The Hacker News