New Catelites Bot malware: camouflage more than 2,200 bank APP login screen for overlay screens

According to foreign media reported on December 20, the Czech software company Avast recently found that a new Android Catelites Bot malware disguised as more than 2200 banks (including Santander and Barclays Bank, etc.) application software, the use of “screen coverage attacks “Steal user bank account and password information.

Avast in its Bowen pointed out, with a Catelites Bot issued by the Russian mafia network CronBot there are some similarities, the researchers believe Catelites Bot may also be associated with the gang.

It has been reported that the cyber gang has recently been smashed by the police and has infected more than 1 million users with “CronBot” Trojans and stole $ 900,000.

Although there is no evidence that Catelites Bot, the developer of the malware, is associated with CronBot, the malicious developer may now have access to CronBot’s technology and use it for his own attacks.

Catelites Bot attack

Researchers revealed that Catelites Bot is mainly spread through third-party application stores. In recent months there have been cases of “spurious applications” attacking Android devices almost every week. Malware Catelites Bot first attempts to gain administrator privileges and then automatically and interactively retrieve the icons and names of other Android banking applications from the Google Play Store before re-using the “screen-over-attack” – fake bank app login The interface covers other formal applications to trick users into gaining access to usernames, passwords, and credit card information. (“Screen-covered attack,” the typical representative, editor’s note)

Although forged login interface and the real application interface is not exactly the same, hackers can achieve the purpose of the way through the wide network. Under normal circumstances, the new Android users may be more likely to be cheated.

“So far, the Catelites Bot malware is aimed primarily at the Russian user community, and it is still in an early testing phase or will spread to a wider area of ​​the world with statistics showing that at least 9,000 user devices are currently infected.” The researchers said .

In addition, the team of Avast and SfyLabs found that the malware Catelites Bot has some features that have not yet been activated, such as text blocking (usually requiring double access codes), erasing device data, locking smartphones, accessing phone numbers, viewing message conversations, forcing passwords Unlock, even change the speaker volume and more.

Researchers suggest that because Catelites Bot is spread through unofficial channels, it is important for users to set their phone to only accept application downloads from official stores, such as Google Play. At the same time, it is also a necessary measure to prevent malware attacks by verifying the program interface to check whether the bank application is overwritten.

Source: IBTimes