More than 2,200 banking apps targeted; Haiyunan recommends timely detection and prevention

According to recent foreign media reports, Czech software company Avast recently discovered a new piece of Android malware, Catelites Bot, that disguises itself as more than 2,200 banking apps and uses "screen overlay attacks" to steal sensitive information such as users' bank account details and passwords.

Subsequent evidence indicated that Catelites Bot has some similarities with CronBot, a Trojan released by a Russian cyber gang, so researchers believe that Catelites Bot may also be associated with this gang.

According to previous reports, the gang, which was recently dismantled by the police, used the "CronBot" Trojan to infect more than 1 million users and steal $900,000.

Although there is no evidence that the developer of the Catelites Bot malware is affiliated with CronBot, the malicious developer may have mastered CronBot's related technology and used it in his own attacks.

How Catelites Bot Attacks

The researchers revealed that Catelites Bot was primarily spread through third-party app stores. In recent months, there have been almost weekly cases of "fake apps" attacking Android devices. Catelites Bot first tries to gain administrator privileges, then automatically and interactively extracts the icons and names of other Android banking apps from the Google Play Store, and then uses a "screen overlay attack": a fake banking-app login interface is overlaid on legitimate applications, tricking the user into handing over usernames, passwords, and credit card information.


Although the fake login interface is not exactly the same as the real application interface, hackers can achieve their goals by casting a wide net. Often, new Android users can be more easily fooled.

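The researchers advise that, because Catelites Bot spreads through unofficial channels, it is important for users to set their phones to accept app downloads only from official app stores such as Google Play. Checking whether a banking app is being overlaid, by verifying the app's interface, is also a necessary measure for preventing malware attacks.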

Is China affected? Haiyunan advises taking precautions early

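After the news broke, whether similar apps in China had been affected drew wide attention. According to the latest information, the Catelites Bot malware mainly targets Russian users. It is still in an early testing phase and may spread to a wider global scope; statistics show that at least 9,000 user devices have been infected so far.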


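As of press time, no security vendor or enterprise in China has publicly stated that it has been attacked by this malware. However, Haiyunan advises that although this fake-app attack has so far been found to target only Russian users, given how quickly threats spread and replicate across global networks, banking apps in China still need to stay vigilant and guard against domestic attackers adopting the tool to launch attacks. Haiyunan recommends: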

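1. Use Haiyunan's MARS system to run a timely, comprehensive check of your own applications: do they contain risks and vulnerabilities? Faced with the "screen overlay attack" of the Catelites Bot malware, do they have preventive capabilities such as anti-hijacking?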

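2. Haiyunan's app market risk monitoring platform can monitor and screen numerous app markets, detect early whether malicious programs are spreading, and issue risk warnings so that all parties can take preventive measures early!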

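3. For users, running antivirus scans on their phones regularly and promptly finding malicious programs that may be lurking there can avoid unnecessary financial losses.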
