WeChat users warned vs. Trojan banker disguised as fake app


Users of popular messaging software WeChat were warned this week against a Trojan malware targeting their banking data – disguised as a fake WeChat app.

Kaspersky Lab said the new malware comes as Internet financial services are growing rapidly and more online financial services are accessible from mobile devices.

"Recently Kaspersky Lab intercepted a new Trojan-Banker like this. It was detected as Trojan-Banker.AndroidOS.Basti.a. This Android app is disguised as a normal WeChat app on the phone," lab expert Vigi Zhang said in a blog post.

He said this shows cybercriminals' efforts to "steal sensitive information and get hold of other people’s cash."

Zhang noted WeChat is a famous mobile instant messenger in China and allows users to make payments.

Its huge market share "also makes it a tempting target for criminals, who are developing Trojan-bankers to mimic it," he said.

Zhang said the fake app requests some sensitive privileges, such as android.permission.RECEIVE_SMS.

"The author of the Trojan wanted to prevent analysts from reverse engineering the code, so it is encrypted with ‘bangcle secapk’. We couldn’t get any useful information out of this encrypted sample," he noted.

But after decoding the sample, he said they found the malware is capable of many types of malicious behavior.

"When executed it opens a special GUI to let users input their bank related information, including bank card number, PIN code and mobile phone number," he said.

It then sends the information to the Trojan author’s email.

Also, Zhang said the Trojan-Banker registered a BootReceiver that will monitor newly received text messages and uninstall broadcasts from the infected mobile.

— Joel Locsin /LBG, GMA News
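The permission and receiver behavior described above can be checked for in an app's decoded AndroidManifest.xml. The following is an added example, not code from Kaspersky Lab or from the article; the sample manifest is constructed, and the three broadcast action names are assumptions about how such a receiver would be declared, since the article names only android.permission.RECEIVE_SMS and BootReceiver.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
SMS_PERMISSION = "android.permission.RECEIVE_SMS"
SMS_ACTION = "android.provider.Telephony.SMS_RECEIVED"
# Assumed broadcast actions matching the behavior described in the article:
# start at boot, see incoming SMS, see uninstall broadcasts.
WATCHED_ACTIONS = {
    "android.intent.action.BOOT_COMPLETED",
    SMS_ACTION,
    "android.intent.action.PACKAGE_REMOVED",
}

# Constructed sample (decoded manifest text), not taken from the real Trojan.
SAMPLE_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.fakechat">
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <application>
    <receiver android:name=".BootReceiver">
      <intent-filter android:priority="1000">
        <action android:name="android.intent.action.BOOT_COMPLETED"/>
        <action android:name="android.provider.Telephony.SMS_RECEIVED"/>
        <action android:name="android.intent.action.PACKAGE_REMOVED"/>
      </intent-filter>
    </receiver>
  </application>
</manifest>"""


def triage_manifest(xml_text):
    """Report the SMS permission and any receivers subscribed to watched broadcasts."""
    root = ET.fromstring(xml_text.strip())
    permissions = {p.get(ANDROID_NS + "name") for p in root.iter("uses-permission")}
    receivers = {}
    for receiver in root.iter("receiver"):
        actions = {a.get(ANDROID_NS + "name") for a in receiver.iter("action")}
        hits = sorted(actions & WATCHED_ACTIONS)
        if hits:
            receivers[receiver.get(ANDROID_NS + "name")] = hits
    requests_sms = SMS_PERMISSION in permissions
    # Flag only the combination: SMS permission plus a receiver that gets SMS broadcasts.
    sms_listener = any(SMS_ACTION in hits for hits in receivers.values())
    return {"requests_sms": requests_sms, "receivers": receivers,
            "flag": requests_sms and sms_listener}


if __name__ == "__main__":
    print(triage_manifest(SAMPLE_MANIFEST))
```

The flag is a triage signal for closer review rather than a verdict, since legitimate apps can declare the same permission and receivers.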