CTI Project: Android Banking Trojan Nexus
Android banking Trojans are an interesting threat because if successful, it can be a huge payday for a cybercriminal and a terrible loss for the victim. The latest wave of Android banking threats have a range of advanced features, all designed to clear out a victim's bank account. The majority of these threats are distributed via malicious SMS text messages, the Google Play Store, Social Media, or watering hole sites. These types of threats also largely require the users to be unaware of the danger of granting unsafe permissions to apps, such as Android Accessibility Services - one of the main functions that Android malware heavily relies on to perform financially motivated attacks.
The Android Banking Trojan Nexus (see above) is supposed to help fraud teams and security researchers identify and track Android banking Trojans designed to steal funds from their customers' accounts. Tracking the latest and greatest Android threats is a valuable venture. From my experience of working with large banking and financial services, knowing which threats are targeting their customers and knowing where to prioritise resources to investigating these threats was a useful endeavour.
Preview of the Android Banking Trojan Nexus:
- [Mobile Security Firm] ThreatFabric Blogs - https://www.threatfabric.com/blogs.html
- [Mobile Security Firm] Zimperium Blogs - https://blog.zimperium.com/?s=Android
- [Mobile AV Firm] ESET Blogs - https://www.welivesecurity.com/?s=Android
- [Mobile AV Firm] Kaspersky Blogs - https://securelist.com/?s=Android
- Malpedia - https://malpedia.caad.fkie.fraunhofer.de/