The rise of mobile banking Trojans is not a joke. We are increasingly using mobile devices to browse the web, shop and access our bank accounts, which makes it essential for us to improve our security. Today we will talk to you about Rotexy, a mobile spyware that has turned into a banking Trojan and can work as ransomware, hijacking your device. The spyware is responsible for tens of thousands of recent attacks. We will explain how to protect ourselves against this kind of threat.
Rotexy, a spyware that turns into a banking Trojan and ransomware
Rotexy is not a new threat. It was actually discovered years ago, although back then it worked as mobile spyware. The most pressing issue now is that cyber security experts have discovered that the spyware has turned into a banking Trojan. It can even work as ransomware, which we know is a type of threat that hijacks a device and demands a ransom.
Researchers found out that Rotexy can get instructions via the Google Cloud Messaging (GCM) service that delivers messages in JSON format to mobile devices. It can also use a command and control server, which is typical for this type of malware.
Kaspersky found the threat in several European countries, although they were actually not the first target.
The banking Trojan uses fake webpages to carry out phishing attacks. It tricks the victim into entering their bank data, which is then sent to a server controlled by the attacker. This is a really serious problem. As we said above, more and more users trust their mobile devices for banking.
Additionally, the threat’s developers added a page that mimicked a legitimate bank and locked the screen until the victim provided their information. To make it more believable, the threat included a virtual keyboard that allegedly offered protection.
As we said above, the threat also works as ransomware. The goal is to block the phone and demand a ransom. The device is only unblocked when the ransom has been paid.
However, security researchers found a way to unblock the affected phone. The user has to send “3458” via SMS, which revokes the admin privileges.
How to protect ourselves against Rotexy and other similar threats
Rotexy’s case is not unique, even if it acts in several ways. There are a lot of banking Trojans and other threats that mainly affect mobile devices. This is why we must find a way to protect ourselves.
The first piece of advice is to download apps from official websites and stores. By doing so, we will avoid installing software that might have been maliciously modified.
Additionally, having security programs and tools is essential. We showed you some of the best options for Android in a previous article; these tools help us face possible malware threats.
Lastly, keeping our OS up to date is essential. There are vulnerabilities that compromise the devices’ security, so manufacturers launch security patches to mitigate them.