Malware Report

Oscorp: Android banking Trojan to steal cryptocurrency and 2FA codes

Following the trend of increasing banking threats on mobile devices, we've seen two new, previously unknown families appear as soon as the new year began: Oscorp and Toddler.

In this case we've talked about Oscorp, a new family that does not include any significant developments compared with the families we are already familiar with.

As we've been able to see, credential theft continues to be carried out through accessibility services that abuse their permissions to log accessibility events (similar to keylogging on desktop systems) or to detect the launch of a legitimate application and show an overlay, a web injection containing the phishing form.

However, it does incorporate something that's less common, which is the direct theft of money, in this case cryptocurrency.
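For triage of the accessibility abuse described above, the following static check is an added example and not code from the original report. It assumes a decoded AndroidManifest.xml and accessibility-service config; the sample app, service names and finding strings are constructed.

```python
import xml.etree.ElementTree as ET

A = "{http://schemas.android.com/apk/res/android}"  # android: attribute namespace
BIND = "android.permission.BIND_ACCESSIBILITY_SERVICE"

# Constructed sample input: decoded manifest and service config of a hypothetical app.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android">
  <application>
    <service android:name=".HelperService"
             android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE">
      <meta-data android:name="android.accessibilityservice"
                 android:resource="@xml/helper_config"/>
    </service>
    <service android:name=".SyncService"/>
  </application>
</manifest>"""
SAMPLE_CONFIG = """<accessibility-service
    xmlns:android="http://schemas.android.com/apk/res/android"
    android:accessibilityEventTypes="typeViewTextChanged|typeWindowStateChanged"
    android:canRetrieveWindowContent="true"/>"""

def parse(xml_text):
    """Parse decoded XML from an untrusted app, refusing DTDs (entity expansion)."""
    if "<!DOCTYPE" in xml_text:
        raise ValueError("DTD not allowed in untrusted XML")
    return ET.fromstring(xml_text)

def accessibility_services(manifest_xml):
    """Names of services that the system binds as accessibility services."""
    return [s.get(A + "name") for s in parse(manifest_xml).iter("service")
            if s.get(A + "permission") == BIND]

def triage_config(config_xml):
    """Flag config traits matching the two behaviours the report describes."""
    cfg = parse(config_xml)
    events = set(cfg.get(A + "accessibilityEventTypes", "").split("|"))
    findings = []
    if events & {"typeViewTextChanged", "typeAllMask"}:
        findings.append("observes text-change events (input logging)")
    if events & {"typeWindowStateChanged", "typeAllMask"}:
        findings.append("observes window-state events (app launch detection)")
    if cfg.get(A + "canRetrieveWindowContent") == "true":
        findings.append("can read window content")
    if not cfg.get(A + "packageNames"):
        findings.append("no packageNames filter (receives events from all apps)")
    return findings

if __name__ == "__main__":
    print(accessibility_services(SAMPLE_MANIFEST), triage_config(SAMPLE_CONFIG))
```

Legitimate assistive apps can declare the same attributes, so these findings prioritise a sample for review rather than deliver a verdict.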