Android Trojan FANTA targets users from Russia and the CIS

Activity of the FANTA Trojan has increased. It attacks owners of Android devices who use various Internet services, including Avito, AliExpress and Yula.

This was reported by representatives of Group-IB, who are engaged in research in the field of information security. Experts have recorded another campaign using the FANTA Trojan, which is used to attack clients of 70 banks, payment systems, and web wallets. The campaign is directed primarily against users residing in Russia and some CIS countries. In addition, the Trojan targets people who post ads for sale and purchase on the popular Avito site. According to experts, this year alone, the potential damage from the FANTA Trojan for Russians is about 35 million rubles.

Group-IB researchers found that in addition to Avito, the Android Trojan targets users of dozens of popular services, including Yula, AliExpress, Trivago, Pandao, and others. The fraud scheme relies on phishing pages that attackers disguise as real websites.

After publishing the ad, the victim receives an SMS message stating that the full cost of the product has been transferred. To view the details, the victim is invited to follow the link attached to the message. Ultimately, the victim ends up on a phishing page that looks no different from the Avito pages. After the victim reviews the data and clicks the "Continue" button, the FANTA malicious APK is downloaded to the user's device, masquerading as the Avito mobile application.

Next, the Trojan determines the type of device and displays a message on the screen stating that a system failure has occurred. The System Security window is then displayed, prompting the user to allow the application access to the AccessibilityService. Having received this permission, the Trojan obtains the rights to perform other actions in the system without outside help, by imitating keystrokes.
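A defender-side triage check for the behaviour described above, as an added example that is not from the article or from Group-IB: it cross-references a device's enabled accessibility services with app installer information and flags services owned by sideloaded third-party apps. The inputs are the outputs of `adb shell settings get secure enabled_accessibility_services` and `adb shell pm list packages -i -3`; the package names and the trusted-installer list are constructed assumptions.

```python
# Installers treated as trusted stores (assumption: adjust for your fleet).
TRUSTED_INSTALLERS = {"com.android.vending"}

def parse_enabled_services(raw):
    """Parse `settings get secure enabled_accessibility_services` output:
    a colon-separated list of package/class components, or "null" if unset."""
    raw = raw.strip()
    if not raw or raw == "null":
        return []
    services = []
    for component in raw.split(":"):
        package, sep, cls = component.strip().partition("/")
        if sep and package:
            services.append((package, cls))
    return services

def parse_installers(raw):
    """Parse `pm list packages -i -3` lines into {package: installer or None}."""
    installers = {}
    for line in raw.splitlines():
        fields = line.strip().split()
        if not fields or not fields[0].startswith("package:"):
            continue
        installer = None
        for field in fields[1:]:
            if field.startswith("installer=") and field != "installer=null":
                installer = field[len("installer="):]
        installers[fields[0][len("package:"):]] = installer
    return installers

def flag_sideloaded_services(services_raw, packages_raw):
    """Return (package, class, installer) for services of untrusted third-party apps."""
    installers = parse_installers(packages_raw)
    return [(p, c, installers[p]) for p, c in parse_enabled_services(services_raw)
            if p in installers and installers[p] not in TRUSTED_INSTALLERS]

# Constructed sample output (hypothetical package names, not from the report).
SAMPLE_SERVICES = (
    "com.google.android.marvin.talkback/.TalkBackService:"
    "com.example.marketplace.update/com.example.marketplace.update.HelperService:"
    "com.example.passwordmanager/com.example.passwordmanager.AutofillService"
)
SAMPLE_PACKAGES = """\
package:com.example.marketplace.update  installer=null
package:com.example.passwordmanager  installer=com.android.vending
"""

if __name__ == "__main__":
    print(flag_sideloaded_services(SAMPLE_SERVICES, SAMPLE_PACKAGES))
```

Preinstalled services are skipped because `-3` lists only third-party packages; a flagged entry is a prompt for manual review, not proof of infection.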

Experts note that the developers of the Trojan paid special attention to integrating tools that allow FANTA to bypass Android antivirus solutions. Once installed, the Trojan prevents the user from running applications such as Clean, MIUI Security, Kaspersky Antivirus AppLock & Web Security Beta, Dr.Web Mobile Control, etc.



Source: 3dnews.ru
