A previous version of this malware, known as the Fanta SDK, appeared in December 2015 but went mostly unreported, targeting a small number of users. Since then, the Android malware has evolved in capabilities but has kept its mode of operation.
First, users receive an email whose sender address is spoofed to look like their bank's. It tells them that a new security update for their mobile banking application has just been released and that they should update the app. A user who has one of the targeted apps installed is likely to follow the download link in the email and install the file on their phone. Mobile banking apps should be updated only through the Google Play Store, never from a manually downloaded file.
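The lure described above starts with a spoofed From: address, so the check a mail administrator (or a careful user looking at raw headers) can apply is whether the message was actually authenticated for the domain it claims. The following is an added example, not code from the original article or from the malware's authors. It parses two constructed messages (a spoofed lure and a legitimate notice; every domain is a placeholder) and reports whether the SPF or DKIM result that the receiving server recorded in Authentication-Results aligns with the From domain, and whether the body links straight to an .apk file, which no bank's update notice should do.

```python
"""Spoofed-sender check for a banking-lure email.

Added example with constructed messages; the domains and addresses are
placeholders, not real banks or real senders.
"""
import re
from email import policy
from email.parser import BytesParser
from email.utils import parseaddr

# Constructed sample of the lure: the visible From: claims the bank's domain,
# but the receiving MTA (mx.example.net) recorded an SPF failure for the real
# envelope sender and no DKIM signature at all.
SPOOFED_LURE = b"""\
Authentication-Results: mx.example.net; spf=fail smtp.mailfrom=bulk.attacker.example; dkim=none
Return-Path: <bounce@bulk.attacker.example>
From: "Example Bank" <security@examplebank.example>
To: customer@example.net
Subject: Security update for your mobile banking app
Content-Type: text/plain; charset=utf-8

A new security update for your banking app is available.
Download it here: http://update.attacker.example/bank-update.apk
"""

# Constructed sample of a legitimate notice: SPF and DKIM both pass for the
# same domain that appears in From:, and the body links to nothing.
LEGIT_MESSAGE = b"""\
Authentication-Results: mx.example.net; spf=pass smtp.mailfrom=examplebank.example; dkim=pass header.d=examplebank.example
Return-Path: <noreply@examplebank.example>
From: "Example Bank" <security@examplebank.example>
To: customer@example.net
Subject: Your monthly statement is ready

Log in through the app you installed from Google Play to view it.
"""


def _domain(addr: str) -> str:
    """Lower-cased domain part of an address header value."""
    return parseaddr(addr)[1].rpartition("@")[2].lower()


def _org_domain(domain: str) -> str:
    """Crude organisational domain (last two labels); enough for the
    placeholder domains used here, a real deployment would use a public
    suffix list."""
    parts = domain.split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else domain


def sender_alignment(raw: bytes) -> dict:
    """Return DMARC-style alignment facts for one raw message.

    Only trust Authentication-Results written by your own receiving MTA:
    an attacker can put a forged copy of the header into the message, so
    a real filter strips untrusted copies before this check runs.
    """
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    from_dom = _domain(str(msg["From"] or ""))
    rp_dom = _domain(str(msg["Return-Path"] or ""))
    auth = str(msg["Authentication-Results"] or "")

    spf = re.search(r"\bspf=(\w+)", auth)
    dkim = re.search(r"\bdkim=(\w+)", auth)
    dkim_d = re.search(r"header\.d=([\w.-]+)", auth)

    # SPF aligns when it passed and the envelope-sender domain matches From:.
    spf_aligned = bool(spf and spf.group(1) == "pass"
                       and _org_domain(rp_dom) == _org_domain(from_dom))
    # DKIM aligns when it passed and the signing domain (d=) matches From:.
    dkim_aligned = bool(dkim and dkim.group(1) == "pass" and dkim_d
                        and _org_domain(dkim_d.group(1)) == _org_domain(from_dom))

    body = msg.get_body(preferencelist=("plain",))
    text = body.get_content() if body is not None else ""
    apk_links = re.findall(r"https?://\S+\.apk\b", text)

    return {
        "from_domain": from_dom,
        "spf_aligned": spf_aligned,
        "dkim_aligned": dkim_aligned,
        "apk_links": apk_links,
        # Unauthenticated for the claimed domain, or pushing an APK: treat as a lure.
        "suspicious": not (spf_aligned or dkim_aligned) or bool(apk_links),
    }


if __name__ == "__main__":
    for name, sample in (("spoofed lure", SPOOFED_LURE), ("legit notice", LEGIT_MESSAGE)):
        print(name, sender_alignment(sample))
```

The alignment test is the same one DMARC applies: a passing SPF or DKIM result counts only if the authenticated domain is the one shown in From:. A lure like this one fails both, and the direct link to an .apk is an independent red flag even when a sender has managed to get SPF to pass for a look-alike domain.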
If the user later decides they don't need a mobile banking app, or notices something suspicious and tries to uninstall the malicious app, the Fanta SDK's self-protection kicks in: it sets a random PIN on the smartphone and then locks the device.
At this stage, knowing that its presence has been detected, the malware simply starts emptying the user's bank accounts. For now, the app targets only customers of Russian banks.