A new banking Trojan disguised as the popular messaging app WeChat is being used by cybercriminals to harvest the financial data of Android users in China.
WeChat, developed by Chinese company Tencent, has over 355 million users, and since many of them use it to make payments, the application a tempting target for cybercriminals.
The new banking Trojan, which Kaspersky Lab has dubbed Banker.AndroidOS.Basti.a, is made to look like the real WeChat app for Android. When installed, it requests permission to access the Internet, received SMSs, and other services.
Acording to Kaspersky, the malware developers have encrypted Banker.AndroidOS.Basti.a with App Shield, an online service that enables users to encrypt .apk file and add some layers of protection. However, experts have managed to decrypt the threat and they’ve determined that it can be an efficient phishing tool.
When the malicious app is launched, victims are presented with a page where they’re asked to enter their phone numbers, payment card numbers, PINs and other banking information. The harvested details are sent back to an email account controlled by the cybercriminals.
The Trojan’s source code contains the name of this email account and the password needed to access it. Based on what they’ve found in the account, researchers have determined that there already are many victims.
It’s not surprising that cybercriminals are increasingly targeting the messaging app. In March, Tencent introduced new features that enable users to make in-app payments. The company’s intention is to push even further into the mobile e-commerce market, but the fact that more and more users are linking the app to their financial data makes WeChat an even more tempting target.
Cybercriminals are not the only concern of WeChat customers. Chinese authorities have launched a new crackdown on WeChat and other messaging services because they believe their group chat features are being utilized to spread rumors and other harmful content.
China’s State Internet Information Office (SIIO) will target public accounts involved in fraud schemes, and ones that spread rumors and information about terrorism, violence and pornography, AFP reports.
