This month, Cleafy’s security researchers discovered a new Android Banking Trojan in the wild.
According to reports, the malware tool has been dubbed “Revive” because of its ability to restart itself if something goes wrong.
Cleafy, in a Monday advisory, explained that Revive was created to focus on a specific set of goals (currently, Spanish banks).
Researchers say Revive’s attack methodology is similar to that of other banking trojans because the malware still makes use of accessibility services to perform keylogging activities and intercept SMS messages from the target.
The Cleafy app would ask users to grant permissions for SMS and phone calls when they first installed the app using various social engineering techniques.
Revive would then redirect users to a cloned page (of the targeted bank) and prompt them to enter their credentials once the permissions had been granted.
Additionally, any two-factor authentication (2FA) or one-time password codes (OTP) codes sent via SMS or phone call by banks would then be sent to the C2 of the threat actors (TAs).
Last but not least, Revive would direct victims to a generic home page with links to the legitimate bank’s website in order to prevent users from becoming alarmed.
Cleafy’s initial analysis of Revive’s code revealed that both of the samples obtained by Cleafy currently have a very low detection rate by Antivirus solutions (AVs).
The Revive malware appears to be based on FastAPI, a Web framework for developing RESTful APIs in Python, and sections of the code of both malware instances appear to be similar, according to the security researchers who discovered the malware.
Nevertheless, the threat actors responsible for Revive would have altered it to perform account takeover attacks after that… (ATO). Cleafy categorised Revive as a banking trojan rather than spyware because of this difference.
A few days earlier, Cleafy had upgraded the BRATA Android malware group to the category of “advanced persistent threat” (APT).
Share this article
About the Author
Rutaba Rais is Editor at Be Encrypted with focus on Technology and Internet Security. Apart from her Healthcare background, she has interests in Lifestyle, Journalism, and expressing her opinion by her writing. You can follow her on Twitter.
More from Rutaba RaisRelated Posts
Microsoft Warns of New OAuth Phishing Attacks Targeting Cloud Accounts
Microsoft is warning of new cyber attacks using OAuth redirect features to abuse user authentication...
Conduent Ransomware Attack Exposes Data of Over 15 Million Americans
Conduent suffered a ransomware attack that exposed the personal data of 15.4 million Texans and many...
NCSC Chief: Clear Rules Needed to Prevent Cyberspace Conflict and Struggle
A safe and secure digital world necessitates a clear definition and enforcement of international cyb...
Asian Industrial Control Systems Targeted by Hackers Using the Shadowpad Backdoor
Unpatched Microsoft Exchange servers in various Asian countries were the target of an attack campaig...
Data Breaches Could Occur Due to Kubernetes Misconfigurations That Were Leaked.
Over 900,000 Kubernetes (K8s) have been discovered to be vulnerable to malicious scans and/or data-e...
Attacks by Cybercriminals Will Become the Main Threat in 2024. Privacy Issues Tendencies
Internet Privacy is the main Concern today Advertisers track your online activities and interf...
