'Revive' has been upgraded to a banking Trojan on Android

Last updated: January 18, 2024 Reading time: 2 minutes
Disclosure
Share

This month, Cleafy’s security researchers discovered a new Android Banking Trojan in the wild.

According to reports, the malware tool has been dubbed “Revive” because of its ability to restart itself if something goes wrong.

Cleafy, in a Monday advisory, explained that Revive was created to focus on a specific set of goals (currently, Spanish banks).

Researchers say Revive’s attack methodology is similar to that of other banking trojans because the malware still makes use of accessibility services to perform keylogging activities and intercept SMS messages from the target.

The Cleafy app would ask users to grant permissions for SMS and phone calls when they first installed the app using various social engineering techniques.

Revive would then redirect users to a cloned page (of the targeted bank) and prompt them to enter their credentials once the permissions had been granted.