Android Users Spread App Which Empties Bank Accounts

Researchers have discovered a new virus which uses Android phones to empty victims’ bank accounts via mobile banking.

Russian cyber security firm Group-IB initially reported the presence of the unnamed virus Wednesday, advising its spread is ongoing.

Masquerading as an MMS message from a user’s phone contact, the virus delivers a link, clicking on which unpacks the virus via an app.

The malicious program then gains admin privileges to Android, sending further messages to contacts and requesting fund transfers from any linked bank accounts via SMS.

Victims are greeted with the following message at the start:

“Dear user, you have received an SMS photograph. You can view it using the link below.”

As part of its analysis, Group-IB notes that antivirus software installed on users’ devices failed to detect any threat during the installation of the malicious software.

“This threat is directed at Android OS users - bank customers using SMS banking and those who use mobile banking apps,” the company’s head of malicious code dynamic analysis department Rustam Mirkasymov commented.

“Notably, antivirus programs installed on victims’ phones did detect that the accompanying app was dangerous at any stage while the virus was spreading (and continued not to detect anything).”

The virus is a further headache for Russian consumers after a widespread attack began collecting Bitcoin ransoms and wiping data earlier this month.