Gugi banking Trojan outsmarts new Android 6 Security

Updated: Sep 07, 2016 17:13 IST

New Delhi [India], Sept. 7 (ANI): Kaspersky Lab experts have discovered a modification of the Gugi banking trojan that can bypass new Android 6 security features designed to block phishing and ransomware attacks.

The modified trojan forces users into giving it the right to overlay genuine apps, send and view SMS, make calls, and more. It is spread through social engineering and its use by cybercriminals is growing rapidly: between April and early August, 2016, there was a ten-fold increase in its number of victims.

The Gugi Trojan's aim is to steal users' mobile banking credentials by overlaying their genuine banking apps with phishing apps, and to seize credit card details by overlaying the Google Play Store app.

In late 2015, Android OS version 6 was launched, with new security features designed specifically to block such attacks. Among other things, apps now need the user's permission to overlay other apps, and must request approval for actions such as sending SMS and making calls the first time they want to perform them.

Kaspersky Lab anti-malware experts have uncovered a modification of the Gugi Trojan that can successfully bypass these two new features.

Initial infection with the modified trojan takes place through social engineering, usually with a spam SMS that encourages users to click on a malicious link.

Once installed on the device, the trojan sets about getting the access rights it needs. When ready, the malware displays the following sign on the user's screen: "additional rights needed to work with graphics and windows". There is only one button: "provide."

When the user clicks on this, they are presented with a screen asking them to authorise app overlay. After receiving permission, the trojan will block the device screen with a message asking for 'Trojan Device Administrator' rights, and then ask for permission to send and view SMS and to make calls.

If the trojan does not receive all the permissions it needs, it will completely block the infected device. If this happens, the user's only option is to reboot the device in safe mode and try to uninstall the trojan, an activity that is made harder if the trojan has already gained 'Trojan Device Administrator' rights.

Aside from these security workarounds and a few other features, Gugi is a typical banking trojan: stealing financial credentials, SMS and contacts, making USSD requests and sending SMS as directed by the command server.
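
For defenders triaging APKs, the permission chain described above can be checked statically. The following is an added example, not code from Kaspersky Lab or the original article: it parses a decoded AndroidManifest.xml and flags apps that pair the overlay permission with SMS, call or device-administrator access. The sample manifests, package names and the "overlay plus two more" threshold are constructed assumptions.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
# Capabilities named in the article, mapped to Android permission names.
CAPABILITIES = {
    "overlay": {"android.permission.SYSTEM_ALERT_WINDOW"},
    "sms": {"android.permission.SEND_SMS", "android.permission.READ_SMS",
            "android.permission.RECEIVE_SMS"},
    "calls": {"android.permission.CALL_PHONE"},
}
DEVICE_ADMIN = "android.permission.BIND_DEVICE_ADMIN"

# Constructed sample manifests (not taken from any real app or sample).
SUSPECT = """<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.constructed.mms">
  <uses-permission android:name="android.permission.SYSTEM_ALERT_WINDOW"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.CALL_PHONE"/>
  <application><receiver android:name=".Admin" android:permission="android.permission.BIND_DEVICE_ADMIN"/></application>
</manifest>"""
OVERLAY_ONLY = """<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.constructed.bubble">
  <uses-permission android:name="android.permission.SYSTEM_ALERT_WINDOW"/>
</manifest>"""


def capabilities(manifest_xml):
    """Return the article-listed capabilities a decoded manifest asks for."""
    root = ET.fromstring(manifest_xml)
    requested = {el.get(ANDROID_NS + "name") for el in root.iter()
                 if el.tag in ("uses-permission", "uses-permission-sdk-23")}
    found = {cap for cap, perms in CAPABILITIES.items() if requested & perms}
    # A device administrator is declared as a receiver guarded by BIND_DEVICE_ADMIN.
    for receiver in root.iter("receiver"):
        if receiver.get(ANDROID_NS + "permission") == DEVICE_ADMIN:
            found.add("device_admin")
    return found


def review(manifest_xml):
    """Flag apps that combine overlay with two or more of SMS, calls, device admin."""
    caps = capabilities(manifest_xml)
    verdict = "flag" if "overlay" in caps and len(caps - {"overlay"}) >= 2 else "ok"
    return verdict, sorted(caps)


if __name__ == "__main__":
    for name, manifest in (("suspect", SUSPECT), ("overlay-only", OVERLAY_ONLY)):
        print(name, review(manifest))
```

A flag here is only a prompt for manual review: legitimate messaging and security apps can request the same combination.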

To date, 93 percent of users attacked by the Gugi Trojan are based in Russia, but its number of victims is on the rise. In the first half of August 2016 there were ten times as many victims as in April 2016.

"Cyber security is a never-ending race. OS systems such as Android are continuously updating their security features to make life harder for cybercriminals and safer for customers; cybercriminals are relentless in their attempts to find ways around this; and the security industry is equally busy making sure they don't succeed. The discovery of the modified Gugi Trojan is a good example of this. In exposing the threat, we can neutralize it, and help to keep people, their devices and their data safe," said Roman Unuchek, Senior Malware Analyst, Kaspersky Lab.

Kaspersky Lab advises Android users to take the following steps to protect themselves against the Gugi Trojan and other malware threats:

• Don't automatically agree to hand over rights and permissions when an app asks you to do so - think about what is being asked for, and why you are being asked for it.

• Install an antimalware solution on all devices and keep OS software up-to-date.

• Avoid clicking on links in messages from people you don't know, or in unexpected messages from people you do.

• Exercise caution at all times when visiting websites: if something looks even slightly suspicious, it probably is.

The Trojan-Banker.AndroidOS.Gugi family has been known about since December 2015, with the modification Trojan-Banker.AndroidOS.Gugi.c first discovered in June 2016. Kaspersky Lab products detect all modifications of the Gugi Trojan malware family.

To read more about how the Gugi Trojan bypasses elements of Android 6 security, read the blog on Securelist.com.

Kaspersky Lab is a global cyber security company founded in 1997. Kaspersky Lab's deep threat intelligence and security expertise is constantly transforming into security solutions and services to protect businesses, critical infrastructure, governments and consumers around the globe.

The company's comprehensive security portfolio includes leading endpoint protection and a number of specialized security solutions and services to fight sophisticated and evolving digital threats. Over 400 million users are protected by Kaspersky Lab technologies and we help 270,000 corporate clients protect what matters most to them. (ANI)
