Online security experts at Kaspersky Lab have detected a dangerous new Trojan that is targeting users in the U.S. and U.K. by combining the functions of financial malware with ransomware.
We’ve seen a rise in the last few months of ransomware tactics like CryptoLocker, where a user’s data is locked and held for ransom, usually payable in Bitcoin, by a remote attacker. The most recent and infamous case of late was the Oleg Pliss ransoms in Australia, where a Russian hacker was able to lock iPhones in Australia.
Named Svpeng, this new Trojan is also of Russian origin, having hit the customers of three of Russia’s largest banks. It does not steal credentials just yet, says Kaspersky Lab, but that may only be a matter of time.
When fully operational, Svpeng scours the infected phone for mobile banking applications and can steal login details. It currently targets a number of bank apps, including TD, Wells Fargo, and Bank of America.
Once the Trojan has gained control of your phone, it locks the screen and displays a fake FBI penalty message, demanding a fine of about $200.
“It is impossible to repel an attack of American Svpeng if a mobile device doesn't have a security solution - the malware will block the device completely, not separate files as Cryptolocker did. If it happens to you, you can do almost nothing,” explains Roman Unuchek, a senior malware analyst at Kaspersky Lab.
“The only hope for unlocking the device is if it was already rooted before it was infected; then it could be unlocked without deleting the data,” he says. “One more option to remove the Trojan if your phone wasn't rooted is to boot into 'Safe Mode' and erase all data on the phone only, while SIM and SD cards will stay untouched and uninfected.”
Cases such as these remind users why it’s vital to always back up their data.
Edited by Maurice Nagle