The Asacub banking Trojan was first spotted in 2015. It is Android-based and has caused a fair bit of trouble over the years. Its activity peaked in 2017, when it was declared the most widely propagated Android-based banking Trojan. The Asacub Trojan’s operators have introduced several updates in the four years that this threat has been active. Sometimes these updates arrive every few months, further weaponizing the Asacub banking Trojan.
Targets Russians Mostly
Most of the Asacub Trojan’s activity is concentrated in Russia. However, there have been campaigns targeting banks located in the United States, Poland, the Czech Republic and Ukraine. The Asacub Trojan is not too complex, and the phishing messages that it displays to users contain an array of grammatical and spelling mistakes. The text also mixes Latin and Cyrillic letters.
The propagation method employed by the creators of the Asacub Banking Trojan appears to be phishing text messages delivered to the victim’s mobile phone. The message suggests that users must download an ‘.APK’ file if they want to view the engaging content that the operators are offering. This file, however, carries the payload of the Asacub Banking Trojan.
The authors of the Asacub Trojan have disguised their creation as an MMS or SMS application with generic names such as ‘Message,’ ‘Avito Offer,’ ‘Photo,’ ‘SMS Message,’ etc. If users fall for this and install the application, they will be asked for administrator permissions. The application will also request to be set as the default text message app on the device. If users decline, the bogus application will keep spamming them with the same request until they agree.
The Asacub Trojan can:
- Collect data from the contacts list.
- Read the text messages of the user.
- Send text messages.
- Halt the activity of any anti-malware apps present on the device.
- Halt the activity of any banking apps present on the device.
The last point is particularly important: once the Asacub Trojan does this, users are forced to complete their banking transactions and requests via text messages instead of the banking application. Since the attackers have access to the victims’ text messages, they can easily get all the information they need.
You should be very careful when downloading and installing new software. Threats like the Asacub Banking Trojan can cause great harm. Keep an eye out for applications that ask for too many permissions, and avoid applications from untrustworthy sources.
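As an added illustration (not code from the original article or from any vendor), the following Python sketch triages a decoded `AndroidManifest.xml` for the combination described above: contact and SMS permissions, a device administrator receiver, and the receiver an app needs in order to be offered as the default SMS app. The sample manifest, the function names and the scoring rule are assumptions made for this example; the input is assumed to be a manifest already decoded to text XML.

```python
import xml.etree.ElementTree as ET

A = "{http://schemas.android.com/apk/res/android}"  # android: attribute namespace
SMS_CONTACT_PERMS = {
    "android.permission.READ_CONTACTS": "reads the contacts list",
    "android.permission.READ_SMS": "reads text messages",
    "android.permission.SEND_SMS": "sends text messages",
}
ADMIN = "requests device administrator rights"
DEFAULT_SMS = "can be set as the default SMS app"

# Constructed manifest for illustration; not extracted from a real sample.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.sms_message">
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <application android:label="SMS Message">
    <receiver android:name=".Admin" android:permission="android.permission.BIND_DEVICE_ADMIN">
      <intent-filter><action android:name="android.app.action.DEVICE_ADMIN_ENABLED"/></intent-filter>
    </receiver>
    <receiver android:name=".Sms" android:permission="android.permission.BROADCAST_SMS">
      <intent-filter><action android:name="android.provider.Telephony.SMS_DELIVER"/></intent-filter>
    </receiver>
  </application>
</manifest>"""

def triage_manifest(xml_text):
    """Return the behaviours from the article that the manifest makes possible."""
    root = ET.fromstring(xml_text)
    requested = {e.get(A + "name") for e in root.iter("uses-permission")}
    findings = [why for perm, why in SMS_CONTACT_PERMS.items() if perm in requested]
    for rcv in root.iter("receiver"):
        actions = {a.get(A + "name") for a in rcv.iter("action")}
        if (rcv.get(A + "permission") == "android.permission.BIND_DEVICE_ADMIN"
                and "android.app.action.DEVICE_ADMIN_ENABLED" in actions):
            findings.append(ADMIN)
        if "android.provider.Telephony.SMS_DELIVER" in actions:
            findings.append(DEFAULT_SMS)
    return findings

def is_suspicious(findings):
    """Heuristic (assumption): SMS access plus device admin plus default-SMS capability."""
    sms = {"reads text messages", "sends text messages"} & set(findings)
    return bool(sms) and ADMIN in findings and DEFAULT_SMS in findings

if __name__ == "__main__":
    hits = triage_manifest(SAMPLE_MANIFEST)
    print("\n".join(hits), "\nreview before installing:", is_suspicious(hits))
```

A legitimate messaging app will also declare the `SMS_DELIVER` receiver; it is the pairing with device administrator rights in an app received through a text-message link that warrants a closer look.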