Beware! Fake Chrome App “Mamont” Steals Banking Details

Cybersecurity researchers at G DATA have uncovered a sneaky new Android banking trojan named “Mamont.” This malware, currently targeting Russian-speaking individuals, masquerades as a fake Google Chrome app to trick unsuspecting users. Once installed, it can steal sensitive banking information and intercept SMS messages, leading to financial losses.

The Art of Deception

Image: G DATA

The Mamont trojan mimics the official Google Chrome icon, with only a subtle black outline distinguishing it from the genuine app. This small difference can easily be overlooked, especially by users in a hurry. Distributed through phishing and spam campaigns, “Mamont” preys on the inherent trust people have in the Chrome brand.

Dangerous Permissions & False Promises

Upon installation, the malware requests excessive permissions to make phone calls, send SMS messages, and receive SMS messages. To further the deception, it may claim you’ve won a cash prize, asking for your phone and card details to receive the supposed reward. Don’t be fooled!

Targeting SMS Traffic

After gaining the necessary permissions, Mamont silently scans the victim’s SMS messages for keywords related to financial services like PayPal and WebMoney. Any relevant messages are then sent to the attacker’s Telegram channel. Worse, the malware can even intercept new SMS messages, including those containing authentication codes used to authorize transactions.

Financial Fraud and Privacy Invasion

This potent combination of access gives cybercriminals the keys to your bank account. They can steal your phone number, card information, and bypass security measures, ultimately draining your funds. But the threat doesn’t stop there. Private conversations and sensitive data in your texts are also vulnerable to exposure.

Protect Yourself – Tips from G DATA Researchers

1. Trusted Sources Only: Download apps exclusively from official stores like the Google Play Store. Even then, scrutinize the developer, reviews, and requested permissions.
2. Question Permissions: Be wary of apps asking for access unrelated to their function.
3. Stay Updated: Keep your device and apps updated to benefit from the latest security patches.
4. Beware of Phishing: Don’t click suspicious links or download attachments from untrusted sources.
5. Avoid Sideloading Apps: Stick to apps from the official app store whenever possible.

Call to Action

“It’s crucial to take steps to protect yourself from the Mamont Spy Banker and similar threats. Even though in this case the malware seems to target Russian speakers primarily, similar malware has been observed which was tailored for other locales and countries as well,” says G DATA’s malware analyst, Banu Ramakrishnan.