In our effort to detect threats to the users of Android devices, we analyze a lot of malicious apps. This post walks through the analysis of one such app, a banking Trojan that we came across recently. It pretends to generate one-time authentication codes for online banking, but its real purpose is to steal the user's banking credentials and to intercept incoming SMS messages (possibly containing Transaction Numbers). It also tries to evade analysis by checking its runtime environment.
We have seen different versions of the app, but this post is based on samples with SHA1 hashes e370ab3f1fbecfc77bdc238591d85882923ed37e and 698a1c5574fbe8ea1103619d81fdd4e8afa85bd5.
Let's start with observing how the app under analysis presents itself to the user.
Read more: http://info.lastline.com/blog/analyzing-a-banking-trojan?utm_medium=social&utm_source=twitter