Asacub Trojan Moves From Spyware to Mobile Banking Malware
Researchers with Kaspersky Lab identify how the Asacub mobile banking Trojan is making use of the same infrastructure as a Windows spyware Trojan.Security firm Kaspersky Lab is warning of an evolving threat from a mobile banking Trojan, dubbed Asacub, which appears to be using infrastructure elements that the CoreBot Windows spyware Trojan employs. Asacub emerged in June 2015 and was initially acting as an information-stealing Trojan that pilfered user contact lists and browser history. Kaspersky Lab's analysis shows that in late 2015 Asacub evolved to become a full-featured mobile banking Trojan that steals money from victims. The mobile banking evolution of Asacub includes features that enable the Trojan to show a phishing page for a banking application. "In total, we saw attempts to infect more than 16,000 of our users, according to data from our Kaspersky Security Network," Roman Unuchek, senior malware analyst at Kaspersky Lab, told eWEEK. "It is hard to say how many users were infected because many consumers still do not have any form of antivirus protection." For Asacub, getting onto user devices usually involves an effort to deceive the user into somehow installing a malicious application.
"They use SMS [Short Message Service] spam and phishing to force the user to install this Trojan," Unuchek said. "In most cases, it looks like an app to view images or MMS [Multimedia Messaging Service]."