Attackers manipulating mobile applications is not unheard of; however this new breach leverages its ability to control the victim's device.
The malicious app initially uses phishing techniques, presenting the victim with a fake banking web page; thus enabling the attacker to derive the victim's banking credentials to their own web server.
From this point on, the attacker has full control of the victim's mobile device....and their bank account.
This malware is particularly interesting, as it has it's own built-in defence mechanism. If the victim was to attempt to delete the app, the device would lock itself. As well as doing so, the app changes the device's lock code. So while the device is rendered practically unusable to the victim, the attacker proceeds to empty their bank accounts.
As always, we strongly recommend that you do not open unknown email attachments, and to always implement Anti-Virus software on all devices.
It’s not uncommon for malware to have capabilities that protects itself. This usually consists of routines that help keep it hidden. One particular mobile malware caught our attention with its unique combination that makes its attack stealthy, and it has the capability to locks a user’s device.