Android Malware Uses Screen Overlay to Steal Credentials and Credit Cards

Malware is like any other piece of software.  Version one is usually pretty crappy – want vendors like to affectionately call a “minimum viable product”.  Sometime minimal is loosely defined.

In this case the malware is called GINP.  The trojan has been in the wild since June.  In the five months since,  it has evolved.  It started out as a Google Play Verifier.  It stole incoming and outgoing text messages.

A later version added an “overlay” – a layer over the top of the screen that popped up when you opened an app like Facebook, WhatsApp or a bunch more.  That overlay asked for a credit card and that information went to the attackers.

The next version added code to make it harder to detect the app.

Then it morphed.  Today it is going after Spanish banks – 24 apps from 7 banks right now, but it looks like that is just a start.

You can imagine what the hackers might do with online banking credentials.

The overlays can mimic whatever they want to – they cover the whole screen.

One downside to the technique is that it requires the user to give it a specific permission generally used for apps for handicapped people called the “accessibility” permission.

Even if this app does not morph to US banks, users should be careful.

Look at what permissions an app is asking for – don’t just blindly say yes.

Look for telltale signs.  This malware is going to make it look  like you have been logged out of the app and need to log back in.  It will also ask for credit card info.  Don’t do that if it doesn’t seem right.

Turn on two factor authentication.  That way, at least, if they have your credentials, they don’t have the second factor. 

Be selective about what apps you install – and uninstall apps that you do not use any more.

Nothing is bulletproof, but make it harder for the bad guys.  Source: CSO Online

by