HackRead
Catelites Android Malware Poses as 2,200 Bank Apps

December 26th, 2017 | Waqas | Android, Malware, Security

Another day, another Android malware. According to joint research by security firms SfyLabs and Avast Threat Labs, a new Android malware strain can pose as not a hundred or two but nearly 2,200 banks to steal passwords and carry out fraud. The malware, dubbed Catelites Bot, can pose as Santander and Barclays as well.

The malware has potential links to the infamous Russian gang that managed to infect over a million devices using the CronBot Trojan and made a whopping $900,000. This gang, however, was dismantled recently.

What does Catelites Bot do

The malware can be installed on an Android device in more than one way, such as via fake, malicious applications available at third-party app stores or via phishing websites. It may also be installed alongside other malware. Catelites can intercept texts, lock the mobile phone, delete device data, access phone numbers, modify speaker volume, spy on message conversations and force password unlocks.

After being downloaded, an icon titled System Application appears on the screen. When the user taps this icon, the software asks for admin rights. If the victim grants these permissions, the icon disappears and the real job of Catelites Bot starts. The screen now displays three trusted-looking app icons: Gmail, Google Play, and Chrome. The malware then looks for credit card information.

Fake icon on an infected device (Image credit: Avast)

When the victim opens any of these three new icons, a fake overlay appears asking for sensitive financial information. Because the icons belong to apps that users trust, a majority of users will fall prey to this trap and enter the requested data. If the user does suspect foul play, the attackers have another trick in place: the overlay stays on top of the screen, so that the user tries to get rid of it by providing the requested information.

Stealing your banking data

The primary objective of the malware is to obtain bank account login details. Since the malware can pose as most of the top-tier banks and financial institutions, users are bound to be deceived. When a banking app is opened, the malware displays a fake overlay in place of the authentic banking app screen, and the user may not realize that he or she is entering bank login credentials and credit card information into something other than the real bank app. Once this is done, attackers can easily access the victim's bank account and credit card.

App asking for credit card data (Image credit: Avast)

In their blog post, security experts stated that CronBot and Catelites are quite similar to each other. According to Nikolaos Chrysaidos from Avast:

“While we don’t have any evidence that the Catelites Bot actor is linked to CronBot, it is likely that Catelites members have gotten their hands on the Cron malware and repurposed it for their own campaign.”

“The malware has the ability to automatically and interactively pull Android banking applications’ logos and names from Google Play Store. While the manipulative mobile banking screens don’t resemble the original banking apps, the power lies within the malware’s shotgun approach: Targeting millions of users of thousands of banks to increase the likelihood a few victims will fall for the trick,” added Chrysaidos.

You can stay protected by using an updated anti-virus for Android devices. If you don’t have one, boot the phone into safe mode to ensure that the malware is not installed. If you find any suspicious apps, delete them immediately. Also, remember never to grant admin rights to a program or app unless you are completely sure about its authenticity.

Moreover, as we always recommend, never download apps from third-party app stores and only use authentic platforms like Google Play. Whenever you open your bank app, check whether it is behaving normally, and if you suspect something, close it immediately.

So far, the malware has been identified in Russia, but experts believe that this is just a testing stage and the attackers will most probably try to spread it to other parts of the world to target banks worldwide. So far, approx. 9,000 users have been targeted.
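
The check for suspicious apps described above, as an added example that is not from the original article or from Avast: a triage pass over an app inventory that flags the traits the article reports (a "System Application" label, admin rights with a hidden icon, Gmail/Google Play/Chrome look-alikes, installs from outside Google Play). The record fields, sample apps and two-trait threshold are assumptions constructed for illustration.

```python
# Added example: triage an app inventory for the traits the article describes.
# Record fields and SAMPLE_APPS are constructed; on a real device they would
# come from a package listing gathered by an MDM agent or similar tooling.
KNOWN_PACKAGES = {  # icons named in the article -> genuine package names
    "gmail": "com.google.android.gm",
    "google play": "com.android.vending",
    "chrome": "com.android.chrome",
}
PLAY_INSTALLER = "com.android.vending"


def app(package, label, system, installer, device_admin, launcher_icon):
    return dict(package=package, label=label, system=system, installer=installer,
                device_admin=device_admin, launcher_icon=launcher_icon)


def triage(rec):
    """Return the reasons a record matches behaviour described in the article."""
    reasons = []
    expected = KNOWN_PACKAGES.get(rec["label"].lower())
    if expected and rec["package"] != expected:
        reasons.append("label impersonates " + rec["label"])
    if rec["label"].lower() == "system application" and not rec["system"]:
        reasons.append("generic 'System Application' label on a user app")
    if rec["device_admin"] and not rec["launcher_icon"]:
        reasons.append("device admin with hidden launcher icon")
    if not rec["system"] and rec["installer"] != PLAY_INSTALLER:
        reasons.append("installed from outside Google Play")
    return reasons


def suspicious(apps, threshold=2):
    """Map package name -> reasons for apps matching at least `threshold` traits."""
    flagged = {}
    for rec in apps:
        reasons = triage(rec)
        if len(reasons) >= threshold:
            flagged[rec["package"]] = reasons
    return flagged


SAMPLE_APPS = [  # constructed records, not real indicators
    app("com.google.android.gm", "Gmail", True, None, False, True),
    app("org.example.notes", "Notes", False, PLAY_INSTALLER, False, True),
    app("org.example.reader", "Reader", False, None, False, True),
    app("com.example.sysapp", "System Application", False, None, True, False),
    app("com.example.mailfake", "Gmail", False, None, False, True),
]

if __name__ == "__main__":
    for package, reasons in suspicious(SAMPLE_APPS).items():
        print(package, "->", "; ".join(reasons))
```

A single trait, such as a sideloaded app, is common on its own, which is why the sketch only flags apps that match two or more.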

Source: Avast
