Summary: Cyble researchers have uncovered a new Android banking trojan called “TsarBot” that employs overlay attacks and targets over 750 applications, including banking and e-commerce apps. The malware can steal credentials, record screens, and execute on-device fraud by using Accessibility services. It spreads via phishing sites masquerading as legitimate token trading platforms.
Affected: Android users and various banking, finance, cryptocurrency, payment, social media, and e-commerce applications
Keypoints:
- TsarBot uses overlay attacks to steal credentials and can also record and control the screen.
- The malware spreads through phishing sites by offering fake download options and implants itself using a dropper application.
- It can execute commands to conduct on-device fraud while cloaking its actions with a black overlay screen.
Source: https://thecyberexpress.com/tsarbot-android-banking-trojan-malware/