
TechAmok, a ggmania.com subsite

Android Banking Trojan Svpeng Adds Keylogger - [security]
07:13 PM EDT - Aug,01 2017

The authors behind the Android banking malware family Svpeng have added a keylogger to a recent strain, giving attackers yet another way to steal sensitive data.

Roman Unuchek, a senior malware analyst with Kaspersky Lab, said Monday he spotted a new variant of the Trojan in mid-July. Unuchek says the keylogger takes advantage of Accessibility Services, an Android feature that assists users with disabilities and helps users access apps while driving.

Unuchek specializes in digging up Android malware; earlier this summer he helped alert Google to two apps in its Play marketplace that were really Ztorg Trojans and another app that was a rooting Trojan, Dvmap.

According to the researcher, the most recent iteration of Svpeng checks the device's language. If the language isn't Russian, it asks the device to use Accessibility Services, something that can subject the device to a number of dangerous outcomes.

“It grants itself device administrator rights, draws itself over other apps, installs itself as a default SMS app, and grants itself some dynamic permissions that include the ability to send and receive SMS, make calls, and read contacts,” Unuchek wrote Monday. “Furthermore, using its newly gained abilities the Trojan can block any attempt to remove device administrator rights – thereby preventing its uninstallation.”

Once afforded the ability to access the inner workings of other apps on the device, Unuchek says Svpeng can steal text entered in other apps and take screenshots, information that's promptly fired off to the attackers' command and control server.
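A defender-side triage sketch for the privilege combination described above, as an added example that is not from Kaspersky's write-up or the original article: it flags any package that holds an enabled accessibility service together with device administrator, default SMS app, or draw-over-apps rights. All package names and sample values are constructed, and the inputs are assumed to have been collected already (for example from an MDM inventory, or `adb shell settings get secure enabled_accessibility_services` for the first one).

```python
# Constructed sample state for one device (not real telemetry).
# Accessibility value uses the colon-separated "package/class" component format.
SAMPLE_ACCESSIBILITY = (
    "com.google.android.marvin.talkback/"
    "com.google.android.marvin.talkback.TalkBackService:"
    "com.example.flashupdate/.MainService"
)
SAMPLE_DEVICE_ADMINS = "com.example.flashupdate/.AdminReceiver"  # assumed same format
SAMPLE_DEFAULT_SMS = "com.example.flashupdate"
SAMPLE_OVERLAY_PKGS = ["com.example.flashupdate", "com.example.chatheads"]

ACCESSIBILITY = "accessibility service enabled"


def parse_components(value):
    """Return the set of package names in a colon-separated component list."""
    if not value or value.strip() in ("", "null"):
        return set()
    return {c.split("/", 1)[0] for c in value.strip().split(":") if c}


def triage(accessibility, device_admins, default_sms, overlay_pkgs, allowlist=()):
    """Map each non-allowlisted package to the sensitive roles it holds."""
    sms = (default_sms or "").strip()
    roles = {
        ACCESSIBILITY: parse_components(accessibility),
        "device administrator": parse_components(device_admins),
        "default SMS app": {sms} if sms and sms != "null" else set(),
        "draw-over-apps allowed": set(overlay_pkgs),
    }
    report = {}
    for role, pkgs in roles.items():
        for pkg in sorted(pkgs - set(allowlist)):
            report.setdefault(pkg, []).append(role)
    return report


def high_risk(report, threshold=3):
    """Packages holding accessibility plus enough other roles to match the pattern."""
    return sorted(p for p, held in report.items()
                  if ACCESSIBILITY in held and len(held) >= threshold)


if __name__ == "__main__":
    rep = triage(SAMPLE_ACCESSIBILITY, SAMPLE_DEVICE_ADMINS,
                 SAMPLE_DEFAULT_SMS, SAMPLE_OVERLAY_PKGS)
    for pkg in high_risk(rep):
        print(pkg, "->", ", ".join(rep[pkg]))
```

A legitimate screen reader holds only the accessibility role and stays below the threshold; known-good packages can also be passed in `allowlist`.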

Unuchek said that as part of his research he managed to intercept an encrypted configuration file from the malware's C&C server. The file helped him determine some of the sites and services that Svpeng targets. He claims the file contained phishing URLs for both the PayPal and eBay mobile apps, along with URLs for banking apps from the UK, Germany, Turkey, Australia, France, Poland, and Singapore.

The file also contained an overlay for a rewards app – not a financial app: Speedy Rewards, an app distributed by the US gas station/convenience store chain Speedway.

In addition to including URLs, the file helps the malware receive the following commands from the server:

  • To send SMS
  • To collect info (Contacts, installed apps and call logs)
  • To collect all SMS from the device
  • To open URL
  • To start stealing incoming SMS

The most recent version of the Trojan, dubbed Trojan-Banker.AndroidOS.Svpeng.ae, isn't exactly widely deployed, Unuchek says. Only a small number of users were attacked over the course of a week, but it could stretch further. While the malware may not have hit a lot of users, those that were hit came from all corners of Europe – 23 countries, including Russia, Germany, Turkey, Poland, and France, according to Unuchek.


