Recently, we had a chance to help a user who received a suspicious message. Unlike thousands of other Internet users, instead of clicking links indiscriminately, he followed his hunch and called us. It turned out that he had experienced an unknown type of attack.
As many banks use SMS 2FA for transfer authorization, malware authors are constantly looking for new opportunities to take over control of PC infection victims’ smartphones. We have identified a new attack scenario that involves both PC and mobile devices infection by leveraging trust people have in Google services. Continue reading “Banking trojan, Gmail webinject, SMS message and malicious APK – all in one attack scenario”