DEFENSOR ID


By GoldSparrow in Trojans

The DEFENSOR ID threat is a newly uncovered banking Trojan that targets Android devices. The DEFENSOR ID malware was hosted on the official Google Play Store. It was disguised as a useful application meant to boost the security of the device and help users protect their finances better. However, nothing could be further from the truth.

As soon as the DEFENSOR ID utility is installed on your device, it will demand access to Android's Accessibility Features. This should raise a red flag right away, as this has become a common trick used by cyber crooks that target Android devices. If the user grants DEFENSOR ID access to Android's Accessibility Features, the threat will receive escalated privileges on the host. This may allow the DEFENSOR ID threat to access the user's email account, bank account and cryptocurrency wallets, as well as collect logs and personal information from their profiles on various social media websites. When the DEFENSOR ID malware is granted the requested permissions, it will be able to:

  • Collect information regarding the hardware and software of the infiltrated device.
  • Lock the screen.
  • Unlock the screen.
  • Imitate clicks and scrolls to interact with various applications that can be controlled via a remote server.
  • Obtain text from any application, which would allow the attackers to collect personal conversations and logs, as well as use 2FA (Two-Factor Authentication) codes successfully.

The description written by the DEFENSOR ID threat's creators is entirely in Portuguese. This led malware experts to believe that most of the DEFENSOR ID malware's targets are likely located in Brazil and Portugal. Brazilian users are often targeted by the authors of various banking Trojans, so it comes as no surprise that the DEFENSOR ID threat is concentrating its efforts in this region as well.

According to cybersecurity researchers, there is another variant of the DEFENSOR ID Trojan, which was also hosted on the Google Play Store. The name of the threat in question is Defensor Digital. If you have installed either one of the two copies of this threat, it is best to use a modern, up-to-date anti-malware application to remove the Trojan from your Android device.

