In July, a new family of banking malware for Android mobile devices was detected.
Although the trojan uses the image of a Colombian bank, which suggests that its main target is Colombian users, the list of affected entities includes banks from the rest of the world, especially European ones (Spanish, Italian, British, etc.).
As we can see in the previous image, this trojan includes the logo of the bank's legitimate application that it impersonates, although the name does not correspond to the original.
This year, 2021, is the year of banking malware for Android: after Toddler, Flubot and Oscorp, Coper is the fourth Android banker to emerge this year.
It's possible that more will appear in what remains of the year, so it's very important to keep an eye out to detect them and protect users as quickly as possible.
Credential theft is carried out through phishing injections (overlays) and the logging of accessibility events (keylogging). What makes it stand out, however, is its packing process, which uses a native library that decrypts, loads and executes the banker's final payload.
