
Gugi banking Trojan outsmarts new Android 6 Security

Updated: Sep 07, 2016 17:13 IST      

New Delhi [India], Sept. 7 (ANI): Kaspersky Lab experts have discovered a modification of the Gugi banking trojan that can bypass new Android 6 security features designed to block phishing and ransomware attacks.

The modified trojan forces users into giving it the right to overlay genuine apps, send and view SMS, make calls, and more. It is spread through social engineering and its use by cybercriminals is growing rapidly: between April and early August, 2016, there was a ten-fold increase in its number of victims.

The Gugi Trojan's aim is to steal users' mobile banking credentials by overlaying their genuine banking apps with phishing apps, and to seize credit card details by overlaying the Google Play Store app.

In late 2015, Android OS version 6 was launched, with new security features designed specifically to block such attacks. Among other things, apps now need the user's permission to overlay other apps, and must request approval for actions such as sending SMS and making calls the first time they want to perform them.

Kaspersky Lab anti-malware experts have uncovered a modification of the Gugi Trojan that can successfully bypass these two new features.

Initial infection with the modified trojan takes place through social engineering, usually with a spam SMS that encourages users to click on a malicious link.

Once installed on the device, the trojan sets about getting the access rights it needs. When ready, the malware displays the following message on the user's screen: "additional rights needed to work with graphics and windows". There is only one button: "provide."

When the user clicks on this, they are presented with a screen asking them to authorise app overlay. After receiving permission, the trojan will block the device screen with a message asking for 'Trojan Device Administrator' rights, and then ask for permission to send and view SMS and to make calls.

If the trojan does not receive all the permissions it needs, it will completely block the infected device. If this happens, the user's only option is to reboot the device in safe mode and try to uninstall the trojan, an activity that is made harder if the trojan has already gained 'Trojan Device Administrator' rights.
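A defender-side triage of the permission chain described above, as an added example that is not from the article or from Kaspersky Lab: it scores an app inventory for the overlay, device-administrator and SMS/call combination. The inventory record format, the scoring, the trusted-installer list and the package names are assumptions constructed for illustration.

```python
# Added example: triage heuristic for the overlay -> device admin -> SMS/call chain.
# Record fields ("package", "installer", "device_admin", "granted") are assumptions;
# the overlay right is modelled as one more entry in the "granted" list.
OVERLAY = "android.permission.SYSTEM_ALERT_WINDOW"
SMS_CALL = {"android.permission." + p
            for p in ("SEND_SMS", "READ_SMS", "RECEIVE_SMS", "CALL_PHONE")}
TRUSTED_INSTALLERS = {"com.android.vending"}  # assumption: only the Play Store


def assess(app):
    """Return (score, reasons) for one inventory record."""
    granted = set(app.get("granted", []))
    reasons = []
    if OVERLAY in granted:
        reasons.append("can draw over other apps")
    if app.get("device_admin", False):
        reasons.append("active device administrator")
    sms_call = sorted(p.rsplit(".", 1)[1] for p in granted & SMS_CALL)
    if sms_call:
        reasons.append("SMS/call access: " + ", ".join(sms_call))
    score = len(reasons)
    # A sideloaded app (for example one installed from an SMS link) raises the
    # priority, but only when at least one risky capability is already present.
    if score and app.get("installer") not in TRUSTED_INSTALLERS:
        reasons.append("not installed from a trusted store")
        score += 1
    return score, reasons


def triage(inventory, threshold=3):
    """Return (package, score, reasons) for apps at or above threshold, worst first."""
    hits = [(app["package"],) + assess(app) for app in inventory]
    hits = [h for h in hits if h[1] >= threshold]
    return sorted(hits, key=lambda h: (-h[1], h[0]))


# Constructed sample inventory; package names are made up.
SAMPLE = [
    {"package": "com.example.flashlight", "installer": None, "device_admin": True,
     "granted": [OVERLAY, "android.permission.SEND_SMS",
                 "android.permission.READ_SMS", "android.permission.CALL_PHONE"]},
    {"package": "com.example.chatheads", "installer": "com.android.vending",
     "device_admin": False, "granted": [OVERLAY, "android.permission.READ_SMS"]},
    {"package": "com.example.notes", "installer": "com.android.vending",
     "device_admin": False, "granted": []},
]

if __name__ == "__main__":
    for package, score, reasons in triage(SAMPLE):
        print(package, score, "; ".join(reasons))
```

An app that legitimately draws over others and reads SMS from a trusted store stays below the default threshold; it is the full combination on a sideloaded app that gets flagged for review.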

Aside from these security workarounds and a few other features, Gugi is a typical banking trojan: stealing financial credentials, SMS and contacts, making USSD requests and sending SMS as directed by the command server.

To date, 93 percent of users attacked by the Gugi Trojan are based in Russia, but its number of victims is on the rise. In the first half of August 2016 there were ten times as many victims as in April 2016.

"Cyber security is a never-ending race. OS systems such as Android are continuously updating their security features to make life harder for cybercriminals and safer for customers; cybercriminals are relentless in their attempts to find ways around this; and the security industry is equally busy making sure they don't succeed. The discovery of the modified Gugi Trojan is a good example of this. In exposing the threat, we can neutralize it, and help to keep people, their devices and their data safe," said Roman Unuchek, Senior Malware Analyst, Kaspersky Lab.

Kaspersky Lab advises Android users to take the following steps to protect themselves against the Gugi Trojan and other malware threats:

• Don't automatically agree to hand over rights and permissions when an app asks you to do so - think about what is being asked for, and why you are being asked for it.

• Install an antimalware solution on all devices and keep OS software up-to-date.

• Avoid clicking on links in messages from people you don't know, or in unexpected messages from people you do.

• Exercise caution at all times when visiting websites: if something looks even slightly suspicious, it probably is.

The Trojan-Banker.AndroidOS.Gugi family has been known about since December 2015, with the modification Trojan-Banker.AndroidOS.Gugi.c first discovered in June 2016. Kaspersky Lab products detect all modifications of the Gugi Trojan malware family.

To read more about how the Gugi Trojan bypasses elements of Android 6 security, read the blog on Securelist.com.

Kaspersky Lab is a global cyber security company founded in 1997. Kaspersky Lab's deep threat intelligence and security expertise is constantly transforming into security solutions and services to protect businesses, critical infrastructure, governments and consumers around the globe.

The company's comprehensive security portfolio includes leading endpoint protection and a number of specialized security solutions and services to fight sophisticated and evolving digital threats. Over 400 million users are protected by Kaspersky Lab technologies and we help 270,000 corporate clients protect what matters most to them. (ANI)
