- Automated Transfer System (ATS): Threat actors can harvest credentials and MFA tokens and initiate, modify, and execute transactions.
- Intercepting Notifications: Threat actors may utilize the ATS to delete transaction-related SMS or app alerts to evade user detection.
- Social Engineering Sophistication: Threat actors masquerade as customer support agents and direct victims to download Trojan payloads voluntarily.
- Live Screen-Sharing Capability: Banking trojans may now feature live screen-sharing, allowing cybercriminals to gain real-time access to infected devices.
- Subscription-Based Malware: Threat actors offer these malicious tools for a monthly fee of $3,000 to $7,000.
- Users are advised to only download applications from official sources.
- Users who downloaded the affected apps are urged to uninstall them promptly.
- Credentials used to log into malicious apps should be changed immediately.
- Review requested permissions and refrain from granting access to “Accessibility Services.”
- Keep Google Play Protect enabled on all Android devices.
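
One way to act on the permission-review and official-source advice above, as an added example that is not part of the original advisory: it cross-checks which third-party apps hold an enabled accessibility service against the installer the device recorded for them. It assumes Google Play (`com.android.vending`) is the only official source; the function names and sample output are constructed for illustration.

```python
# Added example. Input text comes from two adb commands run on a device you manage:
#   adb shell settings get secure enabled_accessibility_services
#   adb shell pm list packages -3 -i      (-3 = third-party apps, -i = show installer)
OFFICIAL_INSTALLERS = {"com.android.vending"}  # assumption: Google Play only

def parse_accessibility(raw):
    """Return the packages that own an enabled accessibility service."""
    raw = raw.strip()
    if not raw or raw == "null":          # setting is unset on a clean device
        return []
    pkgs = []
    for component in raw.split(":"):      # entries look like package/ServiceClass
        pkg = component.split("/", 1)[0].strip()
        if pkg and pkg not in pkgs:
            pkgs.append(pkg)
    return pkgs

def parse_installers(raw):
    """Map each listed package to its installer (None when reported as null)."""
    result = {}
    for line in raw.splitlines():
        fields = line.strip().split()
        if not fields or not fields[0].startswith("package:"):
            continue
        installer = None
        for field in fields[1:]:
            if field.startswith("installer="):
                value = field[len("installer="):]
                installer = None if value == "null" else value
        result[fields[0][len("package:"):]] = installer
    return result

def flag_risky(accessibility_raw, packages_raw):
    """Third-party apps with accessibility access that did not come from an official store."""
    installers = parse_installers(packages_raw)
    findings = []
    for pkg in parse_accessibility(accessibility_raw):
        if pkg not in installers:
            continue                      # not in the -3 list: preinstalled service
        if installers[pkg] not in OFFICIAL_INSTALLERS:
            findings.append((pkg, installers[pkg] or "unknown"))
    return findings

# Constructed sample output (not taken from a real device).
SAMPLE_A11Y = ("com.google.android.marvin.talkback/.TalkBackService:"
               "com.example.support.helper/.AssistService:com.example.passwords/.FillService")
SAMPLE_PKGS = ("package:com.example.support.helper  installer=null\n"
               "package:com.example.passwords  installer=com.android.vending\n"
               "package:com.example.notes  installer=null\n")

if __name__ == "__main__":
    for pkg, source in flag_risky(SAMPLE_A11Y, SAMPLE_PKGS):
        print(f"review: {pkg} has accessibility access, installer={source}")
```

A flagged package is a prompt for manual review rather than a verdict, since some legitimate apps are distributed outside Google Play.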
