This month, Cleafy’s security researchers discovered a new Android Banking Trojan in the wild.
According to reports, the malware tool has been dubbed “Revive” because of its ability to restart itself if something goes wrong.
Cleafy, in a Monday advisory, explained that Revive was created to focus on a specific set of targets (currently, Spanish banks).
Researchers say Revive’s attack methodology is similar to that of other banking trojans because the malware still makes use of accessibility services to perform keylogging activities and intercept SMS messages from the target.
Using various social engineering techniques, the Revive app would ask users to grant permissions for SMS and phone calls when they first installed it.
Revive would then redirect users to a cloned page (of the targeted bank) and prompt them to enter their credentials once the permissions had been granted.
Additionally, any two-factor authentication (2FA) or one-time password (OTP) codes sent via SMS or phone call by banks would then be sent to the C2 of the threat actors (TAs).
Last but not least, Revive would direct victims to a generic home page with links to the legitimate bank’s website in order to prevent users from becoming alarmed.
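A static triage check for the capability combination described above (SMS and phone-call permissions plus an accessibility service), written as an added example and not taken from Cleafy's advisory or the Revive samples. The manifests, package names and service name are constructed, and the permission names chosen to represent "SMS" and "phone calls" are assumptions; the input is a decoded AndroidManifest.xml.

```python
import xml.etree.ElementTree as ET

NS = "{http://schemas.android.com/apk/res/android}"
# Assumed mapping of "SMS and phone calls" to Android permission names.
SMS_PERMS = {"android.permission.RECEIVE_SMS", "android.permission.READ_SMS"}
CALL_PERMS = {"android.permission.READ_PHONE_STATE", "android.permission.CALL_PHONE",
              "android.permission.READ_CALL_LOG", "android.permission.ANSWER_PHONE_CALLS"}
A11Y_BIND = "android.permission.BIND_ACCESSIBILITY_SERVICE"

# Constructed manifest with the risky combination (hypothetical names).
SUSPECT = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.constructed.twofa">
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <application>
    <service android:name=".KeyWatcher"
             android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE"/>
  </application>
</manifest>"""

# Constructed manifest of an app that only reads SMS (no accessibility service).
BENIGN = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.constructed.smsbackup">
  <uses-permission android:name="android.permission.READ_SMS"/>
  <application><service android:name=".SyncService"/></application>
</manifest>"""

def triage_manifest(manifest_xml: str) -> dict:
    """Report which of the three capabilities a decoded manifest declares."""
    root = ET.fromstring(manifest_xml)
    requested = {e.get(NS + "name") for e in root.iter("uses-permission")}
    # An accessibility service is a <service> guarded by BIND_ACCESSIBILITY_SERVICE.
    a11y = [s.get(NS + "name") for s in root.iter("service")
            if s.get(NS + "permission") == A11Y_BIND]
    findings = {
        "sms": sorted(requested & SMS_PERMS),
        "calls": sorted(requested & CALL_PERMS),
        "accessibility_services": a11y,
    }
    # Flag for manual review only when all three capabilities are present together.
    findings["suspicious"] = all(findings[k] for k in ("sms", "calls", "accessibility_services"))
    return findings

if __name__ == "__main__":
    for label, xml_text in (("suspect", SUSPECT), ("benign", BENIGN)):
        print(label, triage_manifest(xml_text))
```

Legitimate apps can also declare this combination, so a hit is a reason to review the app, not a verdict.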
Cleafy’s initial analysis of Revive’s code revealed that both of the samples it obtained currently have a very low detection rate among antivirus solutions (AVs).
The Revive malware appears to be based on FastAPI, a Web framework for developing RESTful APIs in Python, and sections of the code of both malware instances appear to be similar, according to the security researchers who discovered the malware.
Nevertheless, the threat actors responsible for Revive would have altered it to perform account takeover (ATO) attacks. Cleafy categorised Revive as a banking trojan rather than spyware because of this difference.
A few days earlier, Cleafy had upgraded the BRATA Android malware group to the category of “advanced persistent threat” (APT).
About the Author
Rutaba Rais is Editor at Be Encrypted with a focus on Technology and Internet Security. Apart from her Healthcare background, she has interests in Lifestyle, Journalism, and expressing her opinion through her writing. You can follow her on Twitter.