Advertisment

Modified Gugi banking trojan can bypass your Android 6 security

author-image
CIOL Writers
New Update
CIOL Modified Gugi banking trojan can bypass your Android 6 security

The rapid rise in technology has made web, a very significant part of our lives. On the other side, due to the rise in cyber attacks, it has made us vulnerable to cyber criminals.

Advertisment

In late 2015, Android OS version 6 was launched, with new security features designed specifically to block such attacks. However, Kaspersky Lab anti-malware experts have uncovered a modification of the Gugi trojan that can successfully bypass these new features.

The modified trojan forces users into giving it the right to overlay genuine apps, send and view SMS, make calls, and more.

Cybercriminals are using this trojan rapidly and there there was a ten-fold increase in its number of victims between April and early August 2016.

Advertisment

Initial infection with the modified trojan takes place through social engineering, usually with a spam SMS that encourages users to click on a malicious link. Once installed on the device, the trojan sets about getting the access rights it needs. When ready, the malware displays the following sign on the user’s screen: “additional rights needed to work with graphics and windows”. There is only one button: “provide.”

After authorizing app overlay, the trojan will block the device screen with a message stating ‘Trojan Device Administrator’ rights, and then ask for permission to send and view SMS and to make calls.

If the trojan does not receive all the permissions it needs, it will completely block the infected device. Leaving only one choice to users, reboot the device in safe mode and try to uninstall the Trojan, an activity that is made harder if the trojan has already gained ‘Trojan Device Administrator’ rights.

Advertisment

Gugi is a typical banking trojan, stealing financial credentials, SMS and contacts, making USSD requests and sending SMS as directed by the command server. To read more about how the Gugi Trojan bypasses elements of Android 6 security, read the blog on Securelist.com.

“The discovery of the modified Gugi Trojan is a good example of this. In exposing the threat, we can neutralize it, and help to keep people, their devices and their data safe,” said Roman Unucheck, Senior Malware Analyst, Kaspersky Lab.

Kaspersky Lab advises Android users to take the following steps to protect themselves against the Gugi Trojan and other malware threats:

• Don’t automatically agree to handover rights and permissions when an app asks you to do so – think about what is being asked for, and why you are being asked for it.

• Install an antimalware solution on all devices and keep OS software up-to-date.

• Avoid clicking on links in messages from people you don’t know, or in unexpected messages from people you do.

• Exercise caution at all times when visiting websites: If something looks even slightly suspicious, it probably is.

cyber-security cyber-attacks android cyber-crime