Copybara malware variant infects and controls Android systems

A new variant of the banking Trojan Copybara is currently spreading via phishing attacks on Android smartphones and tablets.


New variants of Copybara malware are currently spreading on Android devices worldwide. The malware exploits Android's accessibility service to manipulate infected devices. The Android Accessibility Service is a framework that enables the development of functions such as screen magnifiers, voice control, gesture control and switch control. These services support users with visual, hearing or mobility impairments through alternative interaction methods.

This new malware is based on the well-known Copybara Trojan, which has been active since 2021. The Trojan has nothing to do with the open source tool of the same name, which is used to copy repositories. As the Cybersecurity news portal reports, the new variant was first detected and analyzed in November 2023. The analysis revealed that the new Trojan had been significantly enhanced and now has various new functions. The features now include keylogging, intercepting SMS messages, taking and forwarding screenshots, stealing login credentials and the ability to control Android devices remotely. The malware uses the MQTT protocol to transmit control commands.

The malware spreads through manipulated apps which, once installed, download the malicious code. Cyber criminals try to trick potential victims into installing these apps via SMS phishing (smishing) or voice phishing (vishing), using contact details gathered specifically for this purpose. The corresponding download pages also disguise the malware as an extension for Google Chrome or an IPTV service app to trick victims into installing it without thinking. Security experts generally warn against downloading apps from unknown websites or sources outside verified app stores. However, it is not difficult to protect yourself against malware, as this article on heise online describes.
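A triage check for the two conditions described above (an enabled accessibility service on an app that did not come from a verified store), as an added example that is not part of the original article. It parses captured output of the Android commands `settings get secure enabled_accessibility_services` and `pm list packages -i`; the package names are constructed and the trusted-installer set is an assumption.

```python
# Added example: inputs are captured text from
#   adb shell settings get secure enabled_accessibility_services
#   adb shell pm list packages -i
# Assumption: only Google Play counts as a trusted installer; adjust to policy.
TRUSTED_INSTALLERS = {"com.android.vending"}

# Constructed sample data (hypothetical package names).
SAMPLE_SERVICES = ("com.example.screenreader/com.example.screenreader.ReaderService"
                   ":com.example.iptvplayer/.HelperService")
SAMPLE_PACKAGES = """\
package:com.example.screenreader  installer=com.android.vending
package:com.example.iptvplayer  installer=null
package:com.example.notes  installer=null
"""


def parse_enabled_services(raw):
    """Map package -> list of enabled accessibility service classes."""
    services = {}
    raw = raw.strip()
    if not raw or raw == "null":  # setting unset or empty
        return services
    for component in raw.split(":"):
        pkg, _, cls = component.strip().partition("/")
        if pkg:
            services.setdefault(pkg, []).append(cls)
    return services


def parse_installers(raw):
    """Map package -> installer package name, or None when reported as null."""
    installers = {}
    for line in raw.splitlines():
        fields = line.strip().split()
        if not fields or not fields[0].startswith("package:"):
            continue
        pkg = fields[0][len("package:"):]
        value = next((f[len("installer="):] for f in fields[1:]
                      if f.startswith("installer=")), "null")
        installers[pkg] = None if value == "null" else value
    return installers


def flag_untrusted_accessibility(services_raw, packages_raw):
    """Return (package, installer, services) for apps needing review."""
    services = parse_enabled_services(services_raw)
    installers = parse_installers(packages_raw)
    return [(pkg, installers.get(pkg), services[pkg])
            for pkg in sorted(services)
            if installers.get(pkg) not in TRUSTED_INSTALLERS]
```

Preinstalled system apps can also report `installer=null`, so the returned entries are candidates for manual review, not confirmed infections.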


Recently, Copybara malware attacks have been observed in connection with financial fraud; this malware is said to have been developed using the B4A framework (Basic4Android). The app disguises itself as a regular financial app and lures victims to prepared phishing pages targeting cryptocurrency exchanges and financial institutions. These pages are almost indistinguishable from the originals and aim to steal account details and personal data from victims or redirect transfers.

(usz)


This article was originally published in German. It was translated with technical assistance and editorially reviewed before publication.