Oscorp, the new Android 'malware', can steal the credentials of our bank accounts and credit cards.
This was discovered by the CERT-AGID (Computer Emergency Response Team) of the Agency for Digital Italy, which is installed on Android smartphones and is able to monitor all user movements.
This malicious code is capable of recording the audio received by the mobile microphone as well as recording video with the phone's cameras. For this reason, it is dangerous malware that should be avoided.
After consulting Luis Corrons, Avast Security Evangelist, told us that if your Android smartphone is infected with this malware, you should uninstall the malicious application that introduced it and change your online banking login details, as it will surely have been caught. It is also important to check that there is no suspicious activity on your bank account.
It's important Note that this malware does not install itself, but the user must authorize its installation.
If you have installed a mobile application after clicking on a link received via SMS or email and the default Android protection has been disabled to prevent apps from being installed outside the Google Play Store, your device is most likely infected.
If you have installed the malicious app that contains this malware and you do not give permission to change the accessibility permissions (which is clever of you), the malware is programmed to open the window every 8 seconds and then press for the user to activate them.
Once the permissions are accepted, the malware starts recording keystrokes, uninstalling applications on the device, making calls, sending SMS messages, stealing cryptocurrencies by redirecting payments made through the Blockchain.com application and also accessing the authentication codes to be able to skip Google two-step verification.
Furthermore, as expected, if the malicious application detects that the user is opening one of the target applications for which it embeds a phishing, this is shown to the users with the intention of stealing their credentials (especially the banking ones).
Conclusion
According to Statista, as of March 2020, the total number of new samples of malware Android ammontava a 482.579 per month. According to AV-Test, Trojans are the most common form of malware on Android devices.
If you are using Android, you should have a reliable antivirus activated and periodically scan your device to see if it is infected with any of the thousands of viruses and malwares that exist for this platform.
I key tips of Luis Corrons (Avast) to prevent this type of malware on smartphones are:
- Use a security solution that scans all apps installed on your phone.
- Never install any apps outside the official stores
- Ignore any messages asking to install an app that directly downloads the file to your device.
Or, of course, you can also upgrade to an iPhone.
