
Revive Banking Trojan

Cybercriminals are targeting the customers of a specific Spanish bank with a previously unknown banking Trojan. Infosec experts track the threat as Revive, and it is designed to infect Android devices. The goal of the attackers is to assume control over the bank accounts of their victims and then siphon funds out of them.

The threat masquerades as a new 2FA (Two-Factor Authentication) security application that is supposedly being released by the targeted bank. Once installed on the device, Revive tries to obtain various permissions through the Accessibility Service feature. If successful, the Trojan can perform numerous invasive actions on the device. The attackers can obtain sensitive information via keylogging routines, intercept SMS messages, and more. Thanks to these abilities, the threat can obtain incoming 2FA and OTP (One-Time Password) codes and passwords.

However, the main functionality of Revive consists of opening a fake screen designed to closely mimic the official page of the targeted bank. Users will be asked to enter their login credentials. The provided information will then be transmitted to the Command-and-Control server of the operation.

