Asacub Android Trojan: From Information Stealing to Financial Fraud
Kaspersky Lab, 20 January 2016
With millions of people worldwide using their smartphones to pay for goods and services, 2015 saw cybercriminals exploit this by focusing their efforts on developing malicious financial programs for mobile devices. For the first time, a mobile banking Trojan entered the Top-10 most prevalent malicious programs targeting finances. The Asacub Trojan is yet another example of this worrying trend.
The first version of the Asacub Trojan, discovered in June 2015, was capable of stealing the contact lists, browser history, list of installed apps, sending SMS messages to given numbers and also blocking the screen of an infected device – all standard functions for a typical information stealing Trojan.
However, in autumn 2015 Kaspersky Lab’s experts discovered several new versions of the Asacub Trojan which confirmed its transformation into a tool for stealing money, with the new version equipped with phishing pages mimicking log-in pages of banking applications. At first it looked like Asacub was targeting only Russian-speaking users, because the modifications contained fake log-in pages of Russian and Ukrainian banks. But after further investigation, Kaspersky Lab’s experts found a modification with fake pages of a large US bank. These new versions also contained a new set of functions including call redirection and sending USSD requests (a special service for interactive non-voice and non-SMS communications between the user and cellular provider), which made Asacub a very powerful tool for financial fraud.
