In January of 2021, a new family of previously undetected banking malware was discovered. The samples were found on the VirusTotal and Koodous malware analysis platforms.
Various antimalware engines flagged these applications as malware from the outset, mainly because they use the same strategies that other banking malware families, such as Cerberus and Anubis Bankbot, commonly use to steal bank credentials. Detection rules already built for those families were therefore enough for the analysis engines to recognise the malicious functionality and mark the applications as malicious.
As we'll see later on, this new banker isn't much different from the other banking trojans found on Android devices. It follows the usual credential theft strategy, which is based on web injections: the user is presented with a WebView loading a phishing page that imitates the login interface of the targeted entity.
The distribution channels the attackers may have used are discussed below. We will also delve into how this malware operates, covering its credential theft techniques as well as the theft of other information from the device.