
Russians under attack by modified Gugi Trojan

The Gugi banking Trojan can bypass new Android 6 security features created to block phishing and ransomware attacks.


The developers of the mobile banking trojan Gugi have introduced modifications to sidestep two key security features of Android 6, Kaspersky Lab researcher Roman Unuchek has reported in the Securelist blog.

The infection seeks to steal a user’s mobile banking credentials by overlaying genuine finance apps with phishing windows.

A relatively new banking trojan is relying on gullible users to gain admin rights on Android 6 devices, proving that, no matter how much Google tries to secure its OS against malware, humans will always gladly open the door to an infection.

The security firm noted that while the majority of Gugi attacks (93%) have taken place in the Russian Federation, the infections are likely to spread globally.

Kaspersky Lab advises Android users against automatically agreeing to hand over rights and permissions when an app asks them to do so.

Gugi, which is spread via SMS spam that passes as a classic “You received an MMS” alert, contains an infection routine specifically adapted for Android 6 and its security measures, such as its multi-level app permission system.

Kaspersky Lab says victims are usually approached via SMS, which comes with a malicious link. Users can still boot the device in safe mode during this phase and uninstall the trojan before it manages to get admin privileges. It then requests access rights in a pop-up reading: “Additional rights needed to work with graphics and windows”, with a single response button available – “Provide”.

While Google has plugged many bugs in the Android 6 and 7 OS source code that allowed crooks to elevate their malicious apps to the phone’s root level, it appears that there is still no answer to social engineering attacks that target the phone’s user. If the trojan does not receive all the permissions it needs, it completely blocks the infected device. While users can boot into safe mode to uninstall the malware, Kaspersky Lab explained that this is made harder if the user has already granted administrator rights.
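The two rights the article describes Gugi asking for, “draw over other apps” (used for the phishing overlay) and device administrator status (which makes safe-mode removal harder), can be audited from an app on the device. The following Android routine is an added example, not code from the article or from Kaspersky Lab; it assumes API level 23 or later, and the class and method names are the author’s own.

```java
// Added example, not from the article: lists installed non-system apps that hold
// the overlay right, device-admin status, or both. Assumes Android 6 (API 23+).
import android.app.AppOpsManager;
import android.app.admin.DevicePolicyManager;
import android.content.ComponentName;
import android.content.Context;
import android.content.pm.ApplicationInfo;
import android.content.pm.PackageManager;
import java.util.ArrayList;
import java.util.HashSet;
import java.util.List;
import java.util.Set;

public final class OverlayAdminAudit {
    /** One flagged package and which of the two rights it holds. */
    public static final class Finding {
        public final String packageName;
        public final boolean canDrawOverlays;
        public final boolean isDeviceAdmin;
        Finding(String p, boolean o, boolean a) { packageName = p; canDrawOverlays = o; isDeviceAdmin = a; }
        @Override public String toString() {
            return packageName + " overlay=" + canDrawOverlays + " admin=" + isDeviceAdmin;
        }
    }

    /** Returns non-system packages that hold the overlay right, the admin right, or both. */
    public static List<Finding> audit(Context ctx) {
        PackageManager pm = ctx.getPackageManager();
        AppOpsManager ops = (AppOpsManager) ctx.getSystemService(Context.APP_OPS_SERVICE);
        DevicePolicyManager dpm = (DevicePolicyManager) ctx.getSystemService(Context.DEVICE_POLICY_SERVICE);
        // Collect the package name of every active device administrator.
        Set<String> admins = new HashSet<>();
        List<ComponentName> active = dpm.getActiveAdmins();
        if (active != null) {
            for (ComponentName cn : active) admins.add(cn.getPackageName());
        }
        List<Finding> findings = new ArrayList<>();
        for (ApplicationInfo app : pm.getInstalledApplications(0)) {
            if ((app.flags & ApplicationInfo.FLAG_SYSTEM) != 0) continue; // skip preloaded apps
            // MODE_ALLOWED means the user granted "draw over other apps" to this package.
            boolean overlay = ops.checkOpNoThrow(AppOpsManager.OPSTR_SYSTEM_ALERT_WINDOW,
                    app.uid, app.packageName) == AppOpsManager.MODE_ALLOWED;
            boolean admin = admins.contains(app.packageName);
            if (overlay || admin) findings.add(new Finding(app.packageName, overlay, admin));
        }
        return findings;
    }
}
```

A package that appears with both flags set and that the user does not recognise is worth investigating; on Android 11 and later the app running this audit also needs package-visibility permission to see other installed packages.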

Users should install an antimalware solution on all devices and keep OS software up to date.


They must avoid clicking on links in messages from people they do not know and exercise caution at all times when visiting websites. If something looks suspicious, it probably is. Kaspersky Lab’s deep threat intelligence and security expertise is constantly being transformed into security solutions and services to protect businesses, critical infrastructure, governments and consumers around the globe. Over 400 million users are protected by Kaspersky Lab technologies, and the company helps 270,000 corporate clients protect what matters most to them.
