Catelites

By GoldSparrow in Malware

One hacking group that has contributed to the development of Android-based Banking Trojans is the Cron hacking group. They are believed to originate from Russia, and although their campaigns were successful and earned them heaps of cash, they ended up being caught by the Russian law-enforcement authorities in 2017. However, some of their hacking tools are still being propagated online by other ill-minded actors. One of these tools is the Catelites Android Banking Trojan (also known as Catelites Bot).

Poses as a Legitimate Application

The creators of the Catelites Banking Trojan have put some effort into making this threat appear as an authentic application. It is likely that the Catelites Trojan is hosted on shady application stores or third-party web pages that host dubious content. In several past campaigns, the operators of the Catelites Banking Trojan have been known to mask their hacking tools as legitimate SMS and MMS applications, but in this case experts are not certain whether the same technique has been implemented.

Collects Login Credentials

If the user installs the Catelites Trojan, the threat will appear as an application named 'System Application.' When the user attempts to open this bogus application, they will be asked for an assortment of permissions. The Catelites Banking Trojan is relentless in pursuing these permissions, as it will keep spamming the user with the same prompt until they agree to grant all the permissions required. If the user ends up granting the requested permissions, the Catelites Trojan will continue its attack by removing the initial 'System Application' icon and replacing it with three other icons. The three icons are meant to represent reputable applications: Google Play, Google Chrome, and Gmail. Naturally, these are bogus copies of legitimate applications. If the user opens one of these applications, they will be urged to fill in their login credentials, which will then be stolen by the attackers and transferred to their server. The goal of the Catelites Trojan is to harvest as many banking credentials as possible.
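The icon swap described above can be checked for in an inventory of installed applications. The following is an added example, not code from the original page: it flags packages whose launcher labels claim to be Google Play, Chrome or Gmail without being the official package, and packages using the 'System Application' label. The inventory format, the `audit` function and the `com.example.*` packages are assumptions constructed for illustration.

```python
import re
import unicodedata

# Official package names of the three apps whose icons the page says are imitated.
OFFICIAL = {
    "com.android.vending": {"google play", "google play store", "play store"},
    "com.android.chrome": {"chrome", "google chrome"},
    "com.google.android.gm": {"gmail"},
}
GENERIC_LURES = {"system application"}  # initial label described on the page
PLAY_INSTALLER = "com.android.vending"

def normalize(label):
    """Fold case, Unicode compatibility forms and spacing before comparing labels."""
    text = unicodedata.normalize("NFKC", label).casefold()
    return re.sub(r"\s+", " ", text).strip()

def brand_of(label):
    """Return the official package a label claims to be, or None."""
    norm = normalize(label)
    return next((pkg for pkg, names in OFFICIAL.items() if norm in names), None)

def audit(inventory):
    """Flag packages whose launcher labels claim a brand they do not own."""
    findings = []
    for app in inventory:
        claimed = {brand_of(label) for label in app["labels"]} - {None, app["package"]}
        lure = any(normalize(label) in GENERIC_LURES for label in app["labels"])
        if not claimed and not lure:
            continue
        sideloaded = app.get("installer") != PLAY_INSTALLER
        # One package showing several brand icons matches the behaviour on the page.
        severity = "high" if len(claimed) >= 2 else "medium" if (claimed or sideloaded) else "low"
        findings.append({"package": app["package"], "spoofs": sorted(claimed),
                         "generic_lure": lure, "sideloaded": sideloaded,
                         "severity": severity})
    return findings

# Constructed inventory (hypothetical export format, not real device data).
SAMPLE = [
    {"package": "com.android.chrome", "labels": ["Chrome"], "installer": PLAY_INSTALLER},
    {"package": "com.example.sysapp", "labels": ["Google Play", "Google Chrome", "Gmail"], "installer": None},
    {"package": "com.example.updater", "labels": ["System Application"], "installer": None},
    {"package": "com.example.notes", "labels": ["Notes"], "installer": PLAY_INSTALLER},
]

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

Label matching is a heuristic: a finding is a prompt to inspect the package, not proof that it is Catelites.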

The Catelites Banking Trojan uses a basic HTML template that prompts the victims to enter their login credentials. The overlay is designed to mimic more than 2,200 financial entities worldwide. The Catelites Trojan displays the fake overlay over the legitimate application when it is opened and tricks the users into filling in their banking information.

It is never advised to install software that is hosted on third-party websites. This is usually where all sorts of dodgy applications reside. Threats like the Catelites Banking Trojan may end up costing you dearly. It is also very important to download and install a reputable anti-malware application to keep your device secure.
