The alarms were turned on by a dangerous virus known as “Hydra”.According to the portal specialized in computerto-day, it is amalwaretrojan-style that affects Android phones.Stealing their banking credentials from their victims and it also obtains credentials pursescryptocurrencies.
In its beginnings was directed exclusively to the banking sector in Turkish, but in the last few studied samples has been detected, the incorporation of new entities fromEuropeandlatin america.
The trojan gets into the device, thanks to fake applications.It is especially dangerous because the same can be downloaded in both non-formal and in themarketplaceofficialapps, “googleplaystore“.
Naturally, the situation alerted Android users, the main banks in the region and even some cryptocurrency exchanges that are also affected by its operation.
One of the novel aspects of the attacker is that it also targets the crypto ecosystem. This makes it possible to steal user accounts and even their wallets. The family of this type of virus is not new, it was detected for the first time in 2018 but it was not until 2019 when the malware began to incorporate banking Trojan features.
As usual for a malicious app, it will repeatedly try to get all permissions from the device in an insistent manner. It will insist until the user is forced to grant permissions, because it loops until they are accepted.
Eleven successful, the virus will hide the application icon making it very difficult for the user to uninstall the sample. Furthermore, the malware will be found monitoring the user's access to system settings and any attempt to undo the permissions will be blocked.
Detect and prevent the virus
To avoid installing this type of virus, it is best to avoid downloading applications from suspicious websites in the first place. An everyday example is WhatsApp Plus , through the APK mechanism. On the other hand, it is also recommended not to grant all the permissions to the apps and especially when they are doubtful permissions, such as device control or SMS review.
On the other hand, if an app exhibits strange behavior , such as blocking cell phone use unless certain permissions are given, it is most likely to Hydra virus (or other type of Trojan) in disguise .
Among the most important characteristics of the virus are:
- Anti-Emulation : In order to prevent it from running in the analysis environments, it has different checks.
- Remote control of the device : The TeamViewer application is downloaded and then the icon is hidden and used to take control of the device.
- SMS monitoring : Allows you to view all the SMS messages on the victim's device, both the default application and other applications used for the same purpose.
- Notification monitoring : Observe and control all notifications on the device.
- Application control : Allows you to install and uninstall any application.
- PIN Component : Methods to control and reset the PIN of the device.
- Control of USSD codes .
- SOCKS5 : Implements a SOCKS5 proxy server.
- Keylogger : Capable of recording the keystrokes made on the keyboard.
- Commands : Manager of commands received by the C2.
- Injections : Allows injections of cookies/Webviews.
Beyond the large number of European countries where the presence of "Hydra" could be detected, in Latin America it was detected by Argentina, Colombia and Peru .
إرسال تعليق