Results 1 to 1 of 1
-
12th Jun 2014, 12:12 PM #1
Mobile Svpeng Trojan Gains Device Blocking Capability
A more complex version of the Svpeng Trojan for Android mobile devices has been identified recently and it appears to have been equipped with ransomware capabilities.
The threat appeared on the security scene about a year ago, and at that time it was considered a standard Trojan-SMS that targeted SMS banking accounts; but it soon started to grow in complexity as the authors switched the target to mobile banking users.
At the beginning of June, however, researchers at Kaspersky Lab discovered a fresh modification for Svpeng that included ransomware features.
Unlike the first mobile encrypting malware (Android/Simplocker - Trojan-Ransom.AndroidOS.Pletor.a) analyzed by ESET and Kaspersky, this one holds the entire device hostage, not just specific files.
It achieves this by locking the smartphone until a ransom is paid. The device will not respond to any actions except for those that lead to paying the money or to turn it off. However, as soon as the device is re-started, the Trojan immediately gains control again.
Similar to Trojan-Ransom.AndroidOS.Pletor.a, the new Svpeng takes a photo of the victim and shows it in the ransom message.
As soon as the device is infected and the malware is deployed, a fake scan is initiated, which, as a result of detecting prohibited content, proceeds to locking the phone because it “was used to visit websites containing pornography,” which is in “violation of the federal laws of the United States of America.”
The ransom is $200 (148 EUR) and victims are provided multiple payment methods, MoneyPak vouchers being one of them. In this case there are several alternatives for buying them in the US.
Kaspersky Lab Expert, Roman Unuchek, writes that unlike the previous variants of the Trojan that targeted Russian citizens, this one focuses on United States residents, 91% of the infections being detected in this area. Other nations where the infection is present are UK, Switzerland, Germany, India and Russia.
The security firm identified a total of seven Svpeng modifications, all including “a Cryptor class reference, but none of them makes any attempt to use it.” However, it could be possible that attackers still have to perfect the encryption capabilities of the threat and release it in the future.
Apart from this, the versions also check the system for the presence of some banking apps and send the findings to the command and control server. According to Unuchek, “cybercriminals are probably just gathering statistics about the use of these apps on infected devices.
“Considering that Svpeng is, first and foremost, a banking Trojan, we can expect to see attacks on the clients of these banks who use mobile apps to manage their accounts.”Kepler Reviewed by Kepler on . Mobile Svpeng Trojan Gains Device Blocking Capability http://i.imgur.com/RcvnLhf.png A more complex version of the Svpeng Trojan for Android mobile devices has been identified recently and it appears to have been equipped with ransomware capabilities. The threat appeared on the security scene about a year ago, and at that time it was considered a standard Trojan-SMS that targeted SMS banking accounts; but it soon started to grow in complexity as the authors switched the target to mobile banking users. At the beginning of June, however, Rating: 5
Sponsored Links
Thread Information
Users Browsing this Thread
There are currently 1 users browsing this thread. (0 members and 1 guests)
Similar Threads
-
How to auto fit in mobile devices?
By Divvy in forum WordpressReplies: 2Last Post: 24th May 2012, 02:05 PM -
Cheap Call Pc2phone,Mobile Dialer,Device
By crystaldial in forum Web Application/Script SupportReplies: 0Last Post: 31st Mar 2011, 05:47 PM -
[6/2/08]IFPI wins Danish block on Pirate Bay
By Lease in forum News & Current EventsReplies: 0Last Post: 6th Feb 2008, 03:37 AM -
[4/2/08]Danish Court Orders ISP to Begin Blocking The Pirate Bay
By Lease in forum News & Current EventsReplies: 1Last Post: 5th Feb 2008, 06:17 PM -
[TUT]Blocking botton Post new topick after click
By Lease in forum IP.BoardReplies: 0Last Post: 13th Jan 2008, 01:36 AM
themaLeecher - leech and manage...
Version 4.94 released. Open older version (or...