Thu, Mar 23, 2017 | updated 05:50 AM IST

Gugi banking Trojan outsmarts new Android 6 Security

Updated: Sep 07, 2016 17:13 IST

New Delhi [India], Sept. 7 (ANI): Kaspersky Lab experts have discovered a modification of the Gugi banking trojan that can bypass new Android 6 security features designed to block phishing and ransomware attacks.

The modified trojan forces users into giving it the right to overlay genuine apps, send and view SMS, make calls, and more. It is spread through social engineering and its use by cybercriminals is growing rapidly: between April and early August, 2016, there was a ten-fold increase in its number of victims.

The Gugi Trojan's aim is to steal users' mobile banking credentials by overlaying their genuine banking apps with phishing apps, and to seize credit card details by overlaying the Google Play Store app.

In late 2015, Android OS version 6 was launched, with new security features designed specifically to block such attacks. Among other things, apps now need the user's permission to overlay other apps, and to request approval for actions such as sending SMS and making calls the first time they want to access them.

Kaspersky Lab anti-malware experts have uncovered a modification of the Gugi Trojan that can successfully bypass these two new features.

Initial infection with the modified trojan takes place through social engineering, usually with a spam SMS that encourages users to click on a malicious link.

Once installed on the device, the trojan sets about getting the access rights it needs. When ready, the malware displays the following sign on the user's screen: "additional rights needed to work with graphics and windows". There is only one button: "provide."

When the user clicks on this, they are presented with a screen asking them to authorise app overlay. After receiving permission, the trojan will block the device screen with a message asking for 'Trojan Device Administrator' rights, and then ask for permission to send and view SMS and to make calls.

If the trojan does not receive all the permissions it needs, it will completely block the infected device. If this happens, the user's only option is to reboot the device in safe mode and try to uninstall the trojan, an activity that is made harder if the trojan has already gained 'Trojan Device Administrator' rights.

Aside from these security workarounds and a few other features, Gugi is a typical banking trojan: stealing financial credentials, SMS and contacts, making USSD requests and sending SMS as directed by the command server.

To date, 93 percent of users attacked by the Gugi Trojan are based in Russia, but its number of victims is on the rise. In the first half of August 2016 there were ten times as many victims as in April 2016.

"Cyber security is a never-ending race. OS systems such as Android are continuously updating their security features to make life harder for cybercriminals and safer for customers; cybercriminals are relentless in their attempts to find ways around this; and the security industry is equally busy making sure they don't succeed. The discovery of the modified Gugi Trojan is a good example of this. In exposing the threat, we can neutralize it, and help to keep people, their devices and their data safe," said Roman Unucheck, Senior Malware Analyst, Kaspersky Lab.

Kaspersky Lab advises Android users to take the following steps to protect themselves against the Gugi Trojan and other malware threats:

• Don't automatically agree to hand over rights and permissions when an app asks you to do so - think about what is being asked for, and why you are being asked for it.

• Install an antimalware solution on all devices and keep OS software up-to-date.

• Avoid clicking on links in messages from people you don't know, or in unexpected messages from people you do.

• Exercise caution at all times when visiting websites: if something looks even slightly suspicious, it probably is.

TheTrojan-Banker.AndroidOS.Gugi family has been known about since December 2015, with the modification Trojan-Banker.AndroidOS.Gugi.c first discovered in June 2016. Kaspersky Lab products detect all modifications of the Gugi Trojan malware family.

To read more about how the Gugi Trojan bypasses elements of Android 6 security, read the blog on Securelist.com.

Kaspersky Lab is a global cyber security company founded in 1997. Kaspersky Lab's deep threat intelligence and security expertise is constantly transforming into security solutions and services to protect businesses, critical infrastructure, governments and consumers around the globe.

The company's comprehensive security portfolio includes leading endpoint protection and a number of specialized security solutions and services to fight sophisticated and evolving digital threats. Over 400 million users are protected by Kaspersky Lab technologies and we help 270,000 corporate clients protect what matters most to them. (ANI)

New Delhi [India], Mar 22 (ANI): EdgeMakers, the San Francisco headquartered company that has developed the world's first comprehensive learning system for Innovation and the related discipline of Entrepreneurship that is implemented at leading schools across the world, today announced that it plans to work with 10,000 students across 200 schools in Delhi, Mumbai, Hyderabad and Bangalore.

Full Story >>

Lok Sabha passes Finance Bill

Updated: Mar 22, 2017 18:20 IST

New Delhi [India], Mar 22 (ANI): The Lok Sabha on Wednesday passed the Finance Bill after various amendments presented by Union Finance Minister Arun Jaitley.

Full Story >>

New Delhi [India], Mar 22 (ANI): Samsung on Wednesday announced the launch of its flagship mobile payments service, Samsung Pay in India for simple and secure purchases almost everywhere with a swipe or tap using a debit or credit card.

Full Story >>

New Delhi [India], Mar 22 (ANI-BusinessWireIndia): Nourish You made a foray into the health food market with quinoa and chia seeds two years ago, becoming the first suppliers of these "superfoods" in the country. The company aims to further expand its product portfolio by introducing healthy snack options like health bars, cookies and quinoa pastas in the near future.

Full Story >>

New Delhi [India], Mar 22 (ANI): Union Finance Minister Arun Jaitley on Wednesday proposed to make Aadhaar mandatory for filing of the Income-Tax returns as well as for obtaining the Permanent Account Number (PAN), thereby allowing only cheque contributions to electoral trusts.

Full Story >>

New Delhi [India], Mar 22 (ANI-BusinessWireIndia): The Grand Challenges India (GCI) meeting was inaugurated at Ashok Hotel, New Delhi. The meeting is being hosted by Program Management Unit at BIRAC (PMU-BIRAC), jointly supported by Department of Biotechnology (DBT), Government of India; Bill & Melinda Gates Foundation and Wellcome. The meeting was inaugurated by the Union Minister for Science and Technology and Earth Sciences, Dr. Harsh Vardhan, and was attended by a large number of senior national and international dignitaries from various fields.

Full Story >>

RBI signs MoU with Central Bank of Nigeria

Updated: Mar 22, 2017 16:28 IST

New Delhi [India], Mar 22 (ANI): The Reserve Bank of India on Wednesday announced its Memorandum of Understanding (MoU) on "Supervisory Cooperation and Exchange of Supervisory Information" with the Central Bank of Nigeria

Full Story >>

New Delhi [India], Mar 22 (ANI-NewsVoir): Dr. Morepen Ltd., a wholly-owned subsidiary of Morepen Laboratories Ltd., has introduced a specialized therapy in the area of preventive cardiology and diabetology in a non-hospital environment for the first time in India.

Full Story >>

New Delhi [India], Mar 22 (ANI): FreeCharge on Wednesday announced promotion of Ankit Khanna to Chief Operating Officer of the company.

Full Story >>

New Delhi [India], Mar 22 (ANI): Credit rating agency ICRA on Wednesday estimated that total housing credit outstanding in India slowed down to 16 percent for the 12 months ending December 31, 2016 vis-a-vis 19 percent in FY2016 with the overall housing credit being Rs. 1 3.7 trillion as on December 31, 2016 (Rs. 12.4 trillion as on March 31, 2016).

Full Story >>

New Delhi [India], Mar 22 (ANI): India's leading online lending marketplace CoinTribe has announced a strategic alliance with SMERA Ratings Limited.

Full Story >>

New Delhi [India], Mar 22 (ANI): TIRUN, the exclusive India Representative of Royal Caribbean International is constantly on the lookout to offer Indian travelers more relevant cruise opportunities.

Full Story >>

New Delhi [India], Mar 22 (ANI): The decision on whether or not to impose import duty on wheat is under final stages of consideration of the Union Ministry of Agriculture and Farmers Welfare, a top official said at an ASSOCHAM event held in New Delhi today.

Full Story >>

New Delhi [India], Mar 22 (ANI): Online marketplace Snapdeal has announced that its recently launched GST Guru program has met with phenomenal response, with over 10,000 sellers accessing the program, within the first few weeks of its launch.

Full Story >>

New Delhi [India], Mar. 22 (ANI): Circle Creation Entertainment had launched the campaign to celebrate International Women's Day. Through this campaign women will get a chance to be the part of business consultation which is available for a year to the first 100 female entrepreneurs at a surprising fee of just Re.1.

Full Story >>

New Delhi [India], Mar 22 (ANI): In the session on 'Partnership in Progress: Indo- Canadian Co-Productions' at FICCI FRAMES 2107, the spotlight was on the mysteries associated with co-production. It provided an overview of what Canada has to offer as a co-production partner. No matter what the preferred partnership approach for carrying out your project, Canada has a great deal to offer.

Full Story >>

New Delhi [India], Mar 22 (ANI-NewsVoir): Melbourne based Monash University's Institute of Railway Technology (IRT) signed an agreement with DFCCIL (Dedicated Freight Corridor Corporation of India Limited), a state-owned corporation in India to assist with the establishment of a new research and development institute in India. The agreement was signed on March 16, 2017 in New Delhi, India.

Full Story >>

Delhi: Shell companies racket busted

Updated: Mar 21, 2017 22:23 IST

New Delhi [India], Mar. 21 (ANI): The Enforcement Directorate (ED) today produced Surendra Kumar Jain and Virendra Jain, before the Special Court after arresting them on March 20, for offences of money laundering using shell companies.

Full Story >>

New Delhi [India], Mar. 21 (ANI): The Reserve Bank of India (RBI) on Tuesday imposed a monetary penalty of Rs. 5, 00,000 on Eko India Financial Services Private Limited, in exercise of the powers vested under the provisions of section 30 of the PSS Act, 2007 for not adhering to RBI instructions and wrongful reporting.

Full Story >>

New Delhi [India], Mar. 21 (ANI): The Healthcare Federation of India (NATHEALTH) on Tuesday said that the National Health Policy (NHP) 2017, unveiled by the government clearly indicates that it has incorporated the recommendations of the apex healthcare sector body in terms of public spending, expanding of primary healthcare, private sector engagement digital health among others.

Full Story >>