Riltok

By GoldSparrow in Trojans

The Riltok malware is a banking Trojan that targets Android devices. The first campaigns featuring Riltok took place over one year ago, and this banking Trojan has been active ever since. Over 90% of the victims of the Riltok Trojan are located in Russia. Although the initial campaigns targeted only Russian Android users, the authors of the Riltok banking Trojan have begun to expand their reach. Their operations in 2019 reveal that they are now targeting Android devices in the United Kingdom and France, among other European countries.

Infecting Your Device

The authors of the Riltok Trojan use fraudulent text messages as their go-to infection vector. The text messages are tailored to the user's location. In Russia, the bogus text message claims that the user will receive free advertising if they download a seemingly legitimate application. These bogus applications masquerade as legitimate Android software such as Leboncoin, Gumtree, Youla and Avito.

Once Riltok is on Your Device…

If the user falls for the Riltok banking Trojan’s tricks, they will be asked to set the application as the default text message application and to grant it various permissions. If the user does not give consent, the application will keep prompting the victim until they give in and grant the requested permissions. Once the permissions are granted, the Riltok banking Trojan contacts the C&C (Command & Control) server of its creators. Then, the Riltok Trojan presents the user with a faux registration page for the promised advertising service. This way, the attackers obtain the login credentials of the victim when they attempt to register for the bogus service. Most users tend to use the same password and username for most of their accounts, and this is what the creators of the Riltok Trojan are counting on. The next step is scanning the Android device for mobile banking applications. When the Riltok Trojan detects a banking application, it will attempt to log into it using the credentials that the victim readily provided to the attackers.

The Riltok Trojan has one more trick in the bag: this threat can spawn a fraudulent ‘Google Play’ pop-up, which asks the user to fill in their credit card credentials.

When it comes to safety online, many people overlook the safety of their mobile devices. You should download and install a reputable anti-malware application to keep you safe from pests like the Riltok banking Trojan.
