BianLian trojan adds screen recorder to face off against Android users


Researchers have discovered a new version of the Android banking trojan BianLian that introduces the ability to record device screens and set up proxies.


Named after the Chinese art of “face-changing,” BianLian first appeared as a dropper in October 2018. But it quickly evolved and adopted banking trojan functionality, including overlay attacks that trick users (especially Turkish banking customers) into thinking they are interacting with their preferred financial institutions, when they are actually giving away their credentials to malicious actors.


Now, the addition of a screen recording module adds an intriguing spyware wrinkle, according to researchers at Fortinet’s FortiGuard Labs, who uncovered the strain while undertaking their daily malware analysis. Indeed, in a July 3 company blog post, Fortinet analyst Dario Durando explained that this “Screencast Module” uses the Android package android.media.projection.MediaProjection to create a virtual display for screencasting.


“It first checks if the [device] screen is locked. If it is, it releases the lock and then starts its recording,” wrote Durando. The recording is started remotely, as with other functionalities, using FCM (Firebase ..
