Android/Banker.GT!tr.spy Malware Blocks Over 30 Antivirus Programs
Security researchers at Fortinet have uncovered a new Android Trojan that targets users in Germany. Android/Banker.GT!tr.spy targets about 15 banking applications. The malware hides itself inside an email application, which is once again the best technique to trick users: take a legitimate application and ship the malware inside the APK file.
Android/Banker.GT!tr.spy runs in the background and asks for permission to read the device status. The victim sees the mail application asking for this access, which can appear justified. The attacker then has full access to the device to make calls and to send, read or write SMS messages.
The malware then starts three services: GPService2, FDService and AdminRightsService. The first monitors all running processes on the system and attacks banking apps. That is not all: the same service blocks about 30 security applications, so if one of their processes is running, it is prevented from detecting the Trojan.
FDService also monitors specific processes on the device. It too targets applications, but at the moment its target list is empty, so it can be updated in the future. This means the attacker will have new versions that update the list of targeted apps.
The third service, AdminRightsService, requests device administrator rights when the malware is launched for the first time. Fortinet has now created definitions to detect this malware for its IPS and antivirus.
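
The following triage check is an added example, not Fortinet's code or detection logic. It assumes the APK's manifest has already been decoded to text XML (for example with apktool), and it looks for the three service names reported above alongside the kind of access the article describes. The package name, receiver name and sample manifest are constructed, and the mapping from the article's wording to standard Android permission names is an assumption.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"
# Service names reported in the article; other variants may rename them.
REPORTED_SERVICES = {"GPService2", "FDService", "AdminRightsService"}
# Assumption: standard Android permissions matching the access described
# (read device status, make calls, send/read/write SMS).
RISKY_PERMISSIONS = {
    "android.permission.READ_PHONE_STATE",
    "android.permission.CALL_PHONE",
    "android.permission.SEND_SMS",
    "android.permission.READ_SMS",
    "android.permission.WRITE_SMS",
}
ADMIN_PERMISSION = "android.permission.BIND_DEVICE_ADMIN"

# Constructed sample manifest; package and receiver names are made up.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.mailclient">
  <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
  <uses-permission android:name="android.permission.CALL_PHONE"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <application>
    <service android:name=".GPService2"/>
    <service android:name="com.example.mailclient.FDService"/>
    <service android:name=".AdminRightsService"/>
    <receiver android:name=".AdminReceiver" android:permission="android.permission.BIND_DEVICE_ADMIN"/>
  </application>
</manifest>"""

def triage_manifest(xml_text):
    """Return which reported services and risky permissions a manifest declares."""
    root = ET.fromstring(xml_text)
    perms = {e.get(ANDROID + "name") for e in root.iter("uses-permission")}
    # Compare on the simple class name so ".Foo" and "pkg.Foo" both match.
    services = {(e.get(ANDROID + "name") or "").rsplit(".", 1)[-1] for e in root.iter("service")}
    wants_admin = any(e.get(ANDROID + "permission") == ADMIN_PERMISSION for e in root.iter("receiver"))
    found = sorted(services & REPORTED_SERVICES)
    return {
        "services": found,
        "permissions": sorted(perms & RISKY_PERMISSIONS),
        "device_admin": wants_admin,
        # The permissions alone are common in benign apps, so only the
        # full set of reported services marks the manifest as suspicious.
        "suspicious": set(found) == REPORTED_SERVICES,
    }

if __name__ == "__main__":
    print(triage_manifest(SAMPLE_MANIFEST))
```

A match on the service names is only a lead for further analysis, since renamed variants would not be caught by this check.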