Russian experts found spread in the country of the virus for the Android system, which monitors the users and trying to get information from a credit card, according to Avast antivirus vendors blog.
«Trojan causes their victims to give administrator rights, non-stop displaying a pop-up window with the appropriate request. In case of failure of window pops up again. The new virus spread using social engineering technique: trick users are forced to follow a link and install ostensibly useful app. In particular, criminals disguise Trojans under AVITO-MMS applications, KupiVip or MMS Center “, – reported in the Avast blog.It is noted that to get rid of intrusive requests the virus can only be restarting the device, and then dropping it to the factory settings. “Owners of Android Marshmallow may try to enter the settings and remove intrusive application manually by using the top” blind “in the system”, – stated in a blog post.
Once the virus gets administrator rights, it starts to continuously display a pop-up window with the requirement to assign the downloaded AVITO-MMS, MMS Center KupiVip or application for default SMS-messages.
«If the user agrees to it, the Trojan communicates with the management server sends the device information to the C & amp; C (command and control) server and receives from intruders further commands. Sent to the server information includes the device serial number, country code, mobile operator’s name and serial number of SIM-card, Android-version of the device, the phone number and the current version of the virus, “- reported by the antivirus makers.
«For the first time the Trojan was spotted in February 2016, it is on this month had the highest number of infections. Most of the Android: Banker-IR affected users from Russia, USA, Germany and the Czech Republic “, – stated in a blog