Security researchers at Cleafy have detected a new Android banking trojan. The trojan was reportedly spotted in the wild earlier this month, and the researchers named it “Revive” for its ability to restart automatically in the event of an error. The tool is designed for persistent campaigns and is currently targeting Spanish banks. The researchers have also clarified that the attack methodologies used in Revive, and those used to deploy it, bear similarities to other banking trojans, due in part to the keylogging and SMS-reading capabilities of the trojan.
Upon installation, Revive requests several permissions on the user’s device related to SMS and phone calls. Once the permissions are approved, Revive redirects the user to a cloned page of whatever entity it is targeting, in this case a bank, and asks them to enter their credentials. The credentials are then sent to the attackers. Finally, Revive sends the user to a generic home page with links to the legitimate website, both to avoid detection and to avoid alerting the user to the fact that their data has been stolen.