ARN

Asacub is mobile banking’s new adversary: Kaspersky Lab

Android information stealing trojan evolves to target mobile banking apps

Mobile banking has a new enemy, Asacub, a new form of mobile malware targeting Android users.

First identified by researchers from Kaspersky Lab in June 2015, the mobile trojan is said to have displayed all the signs of an information stealing malware, but researchers have since found some versions targeting users of online banking in the US, Russia and Ukraine.

In its first iteration, Asacub was capable of stealing contact lists, browser history, list of installed apps, sending SMS messages to given numbers and blocking the screen of an infected device – all standard functions for a typical information stealing Trojan.

However, in the third quarter of 2015, Kaspersky Lab found several new versions of the trojan which confirmed its transformation into a tool for stealing money. The new version was equipped with phishing pages mimicking log-in pages of banking applications.

At first, researchers believed Asacub was targeting only Russian-speakers because the modifications contained fake log-in pages of Russian and Ukrainian banks. But after further investigation, Kaspersky Lab’s experts found a modification with fake pages of a large US bank.

The new versions also contained a new set of functions including call redirection and sending USSD requests (a special service for interactive non-voice and non-SMS communications between the user and cellular provider), which Kaspersky Lab said made Asacub a very powerful tool for financial fraud.

Despite being aware of several versions of the trojan for some time, Kaspersky Lab said its threat detection systems found almost no sign of active campaigns until the end of 2015.

Within just one week, it had identified more than 6500 attempts to infect users with the malware making it one of the five most popular mobile trojans of that week, and the most popular trojan-banker.