Security researchers have flagged a new Android trojan that is very different from the usual crop of banking trojans. Most modern trojans build on an existing codebase or share at least one pattern with other malicious programs. But the new banking trojan, identified as “RatOn”, appears to be built from the ground up. It shares no similarities with other malware.
The new banking trojan on Android takes a completely different approach
As reported by The Hacker News, the RatOn Android trojan was identified by ThreatFabric while searching for a different malware linked to NFC-based payment thefts. What makes this trojan concerning is its scale and sophistication. Instead of being linked to a single infected app, it is part of a much larger campaign that involves multiple applications.
Because of this one major distinction, the chances of the trojan reaching a larger number of unsuspecting Android users worldwide are pretty high. Once installed on a device, it enables the attackers to carry out financial fraud.
RatOn can initiate an automatic money transfer without your consent
What’s even more concerning about this malware is its ability to initiate automated money transfers (ATS). On top of this, it uses a custom overlay attack that makes it difficult to distinguish from a legitimate banking or finance app. The overlay looks very authentic and therefore tricks victims into sharing their payment credentials.
It doesn’t end here. The report also adds that the RatOn Trojan can display a “fake lockscreen” on the Android device, which tricks the victim into paying money to “unlock” their device. To lure victims, the hackers are using domain names with adult content or terminology, such as TikTok18+. These sites are used as a gateway to install malware locally on the devices.
The researchers also reveal that RatOn is linked with another malware strain, called NFSkate. This Android malware exploits NFC for contactless payment theft. RatOn's direct link with that strain suggests that it is part of an extensive operation that combines different tactics to maximize financial gains or fraud.
Given the rise of such dangerous banking trojans, Android users should exercise caution before sideloading any applications. Users must avoid apps promoted through non-verified and adult-themed websites. If possible, they must restrict app installs to the Google Play Store.