Be very careful with Zombinder: this banking Trojan managed to trick and rob over 1,300 people.
He is Banking Trojan one of the guys software malicioso most widespread on Android in recent years. Use its creators Techniques they use to try to attract users Steal and gain access to your banking application credentials steal money from them your accounts.
It has recently caught the eye of some cyber security experts Activity of a new type of banking Trojan which has claimed almost 1,300 victims in its various versions to date. It says as zombie from researchers threat tissue.
The Trojan attacks users in Spain, Portugal and Canada
During their investigations, the experts were able to verify that the actors behind the threat were consuming Applications for authorizing Wi-Fi network connections (y también.g. those shown when trying to connect to a hotel WiFi network). They offered a choice Download the official application form allowing the connection to be authorized.
However, the aplicación really should be A Trojan that cánido perform various types of attacksfrom stealing Gmail correos electrónicos and one-time verification codes to Find the phrases used to protect the cryptocurrency wallet.
A sample application from the Zombiner campaign, capable of distributing the trojan called “Xenomorph”.
In most cases, the software malicioso was hidden inside zombie aplicaciones They performed no other task than infecting the victim’s device. For this reason, researchers have dubbed the threat “Zombinder”. Aplicaciones were also found to be used within the Zombiner campaign to proliferate other well-known trojans, for example xenomorph.
Zombinder drops the Xenomorph Trojan and launches it while the original application is fully functional, leaving the victim unprepared. It should be noted that the authors of Xenomorph (known as HadokenSecurity) continue to develop the trojan.
The threat is particularly serious for Users living in Spain, as the software malicioso aims to attack users in Spain, Portugal and Canada. The campaign’s objetivo applications include the applications of banking companies such as N26, CaixaBank, Santander, ING, Abanca, Targobank, Kutxa, Pibank, Unicaja, BBVA, Bankinter or Openbank, among other.
Below we list them infected application names for the different types of software malicioso in this campaign:
- Automatic WiFi authenticator (com.woosh.wifiiautoauth)
- Football Live Stream (com.aufait.footballlivestream)
- young (com.viel.dizzy)
- Wi-Fi Authorization (com.welomuxitononu.voretije)
- Live Soccer Stream 1.9 (com.busafobawori.zuvo)
- Mod OGInsta+ (com.fuyocelisi.woyopu)
- vídeo mate (com.focus.equip)
If you have any of the above applications installed on your mobile phone, you should Make sure you remove it as soon as possible. Besides, it might be a good iniciativa. Reset the access codes to your banking institutionsespecially if at some point you have used your mobile phone to access it.