“Kaspersky Lab” has detected mobile banking malware Trojan-Banker.AndroidOS.Gugi.c, which is able to circumvent built-in protection against phishing and ransomware on Android 6.
these are the mandatory security mechanisms as a request for an application to display its window on top of others, as well as for making calls or sending sms.
the Malware forces the user to provide him with the necessary privileges, otherwise it completely blocks the device. The main threat to the Trojan Gugi is for users in Russia – 93% of attacks were recorded here.
the Purpose of Gugi – to obtain sensitive financial information users, for example, credentials for mobile banking systems or credit card data. The Trojan closes the window, a Bank phishing application of their version, and all the data that the user enters on this fake page, I go straight to the attackers. With the same purpose, Gugi and covers the window of the official Google Play app store.
most Often, the Trojan gets to your device via sms spam with malicious links. Immediately after downloading the malware asks the user to grant it permission to display its window on top of others. Then the malware demands the right to commit more dangerous acts.
At the same time Gugi leaves the user no choice – victim of the Trojan can only agree to all conditions, clicking the only available button “Allow”, soumeli “Yugopolis” the press service of “Kaspersky Lab”.