Pierluigi Paganini May 29, 2014

Security experts at Kaspersky Lab have discovered a new banking trojan, dubbed Banker.AndroidOS.Basti.a, hidden in a fake WeChat application.

Cyber criminals are abusing of the brand WeChat, the popular mobile application designed by Chinese company Tencent, to arrange a malware campaign which hit Chinese users.

Experts at Kaspersky Lab have discovered that cybercriminals are using an application for Android that looks like the legitimate WeChat to request permissions necessary to control the victim’s mobile (e.g. Receive SMS, Access to the Internet), in reality it is a new banking Trojan, dubbed by the researchers Banker.AndroidOS.Basti.a.

Malware authors have encrypted the banking trojan Banker.AndroidOS to avoid detection of security firms. Probably the cyber criminals have used a common app shield service like Bangcle, which prevent app from debugging and decompiling.  

“The author of the Trojan wanted to prevent analysts from reverse engineering the code, so it is encrypted with ‘bangcle secapk’. We couldn’t get any useful information out of this encrypted sample.” reports Vigi Zhang, Kaspersky Lab expert. 

Despite the further layer of protection added by malware authors, the experts have decrypted and they have discovered it can be used to deceive victims with classic phishing scheme.

When the fake WeChat app is executed, victims are presented with a GUI where they’re asked to enter personal information like phone numbers, PIN, payment card numbers and other sensitive data like banking information.

The harvested data are then sent back to an email account controlled by the cyber criminals, credentials for the account are hardcoded in the banking trojan source code.

Knowledge of email credentials allowed experts at Kaspersky lab to make a raw estimate of the infection rate, accessing to the account they have found a many victims of the fake WeChat app.

Chinese authorities are worried by the abuse of any social media and instant messaging, China’s State Internet Information Office (SIIO) announced that will target public accounts involved in fraud schemes, and ones used for misinformation campaigns (PSYOPS), violence and pornography, AFP reports.

Let’s closed with suggestions provided by experts at Kaspersky Lab, they advise mobile users to:

• Install mobile security software.
• Be sure to update the software’s databases to the latest version.
• DO NOT visit any suspicious websites or download unfamiliar apps.
• Before you enter any sensitive information, make sure you know who is asking for it, and why.