Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Mobile & Wireless

Chinese Users Targeted With Banking Trojan Disguised as WeChat App

A new banking Trojan disguised as the popular messaging app WeChat is being used by cybercriminals to harvest the financial data of Android users in China.

WeChat, developed by Chinese company Tencent, has over 355 million users, and since many of them use it to make payments, the application a tempting target for cybercriminals.

A new banking Trojan disguised as the popular messaging app WeChat is being used by cybercriminals to harvest the financial data of Android users in China.

WeChat, developed by Chinese company Tencent, has over 355 million users, and since many of them use it to make payments, the application a tempting target for cybercriminals.

The new banking Trojan, which Kaspersky Lab has dubbed Banker.AndroidOS.Basti.a, is made to look like the real WeChat app for Android. When installed, it requests permission to access the Internet, received SMSs, and other services.

Acording to Kaspersky, the malware developers have encrypted Banker.AndroidOS.Basti.a with App Shield, an online service that enables users to encrypt .apk file and add some layers of protection. However, experts have managed to decrypt the threat and they’ve determined that it can be an efficient phishing tool.

When the malicious app is launched, victims are presented with a page where they’re asked to enter their phone numbers, payment card numbers, PINs and other banking information. The harvested details are sent back to an email account controlled by the cybercriminals.

The Trojan’s source code contains the name of this email account and the password needed to access it. Based on what they’ve found in the account, researchers have determined that there already are many victims. 

It’s not surprising that cybercriminals are increasingly targeting the messaging app. In March, Tencent introduced new features that enable users to make in-app payments. The company’s intention is to push even further into the mobile e-commerce market, but the fact that more and more users are linking the app to their financial data makes WeChat an even more tempting target.

Cybercriminals are not the only concern of WeChat customers. Chinese authorities have launched a new crackdown on WeChat and other messaging services because they believe their group chat features are being utilized to spread rumors and other harmful content.

China’s State Internet Information Office (SIIO) will target public accounts involved in fraud schemes, and ones that spread rumors and information about terrorism, violence and pornography, AFP reports.

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Expert Insights

Related Content

Mobile & Wireless

Apple rolled out iOS 16.3 and macOS Ventura 13.2 to cover serious security vulnerabilities.

Mobile & Wireless

Technical details published for an Arm Mali GPU flaw leading to arbitrary kernel code execution and root on Pixel 6.

Mobile & Wireless

Apple’s iOS 12.5.7 update patches CVE-2022-42856, an actively exploited vulnerability, in old iPhones and iPads.

Mobile & Wireless

Two vulnerabilities in Samsung’s Galaxy Store that could be exploited to install applications or execute JavaScript code by launching a web page.

Mobile & Wireless

South Dakota Gov. Kristi Noem says her personal cell phone was hacked and linked it to the release of documents by the January 6...

Mobile & Wireless

Infonetics Research has shared excerpts from its Mobile Device Security Client Software market size and forecasts report, which tracks enterprise and consumer security client...

Cybercrime

A digital ad fraud scheme dubbed "VastFlux" spoofed over 1,700 apps and peaked at 12 billion ad requests per day before being shut down.

Mobile & Wireless

Chinese tech giant Huawei patched nearly 300 vulnerabilities in its HarmonyOS operating system in 2022.