Woburn, MA – June 25, 2019 — /BackupReview.info/ — Kaspersky researchers have discovered that the money-stealing mobile malware Riltok, first observed in mid-2018, has launched new variants. The malware is extending its targeting outside of Russia, now attacking Europe by disguising itself as services popular in France, Italy and the United Kingdom.
Riltok is a banking Trojan, designed to gain access to the financial accounts and assets of their victims by stealing login credentials and hijacking online banking sessions. These Trojans often disguise themselves as legitimate web services and apps to trick the user into installing it and entering their credentials and sensitive data.
In the case of the Riltok Trojan (the name comes from ‘Real Talk’), the attack scenario generally starts with a user receiving an SMS message with a link to a fake website that closely resembles a popular website for free classified advertising. The website invites the user to install the new version of the service’s mobile app, which is, in fact, the Riltok malware. Once the malware is downloaded and receives the necessary permissions from the infected victim, it appoints itself as the default app for receiving and viewing SMS messages. This lets the attackers see all SMS messages, including confirmation codes sent through text, and allows them to send messages to other numbers for further propagation of the malware.
The main functions of the malware include:
Kaspersky experts have detected around 4,000 users who have been targeted by this malware to date, mainly in Russia, but also in Italy, France and the UK.
“We’ve been watching how the Riltok malware is being distributed slowly but steadily across Russia, and we expect to see a rise in attacks as the cybercriminals behind this threat extend their reach to new countries and continents, starting with Europe,” said Tatyana Shishkova, security researcher at Kaspersky. “We’ve observed this scenario many times before; in our experience, once threat actors create a successful malware and test it in Russia, they adapt it for foreign victims and explore new territories. Usually such threats end up going global.”
Kaspersky products detect the threat as Trojan-Banker.AndroidOS.Riltok.
To protect yourself from financial malware, including the Riltok Trojan, Kaspersky security specialists advise:
Read more about Riltok Banking Trojan on Securelist.com
About Kaspersky
Kaspersky is a global cybersecurity company founded in 1997. Kaspersky’s deep threat intelligence and security expertise is constantly transforming into innovative security solutions and services to protect businesses, critical infrastructure, governments and consumers around the globe. The company’s comprehensive security portfolio includes leading endpoint protection and a number of specialized security solutions and services to fight sophisticated and evolving digital threats. Over 400 million users are protected by Kaspersky technologies and we help 270,000 corporate clients protect what matters most to them. Learn more at www.kaspersky.com
Media Contact
Meghan Rimol
781.503.2671
meghan.rimol@kaspersky.com
Source: Kaspersky
Tags: Kaspersky, Kaspersky Lab
Copyright © 2004 - 2020 Backup Review.info | Sitemap
RSS feed for comments on this post · TrackBack URI
Leave a reply