The developers of the mobile banking trojan Gugi have introduced modifications to sidestep two key security features of Android 6, Kaspersky Lab researcher Roman Unuchek has reported in the Securelist blog.Gugi's “ultimate goal is to overlay banking apps with phishing windows in order to steal user credentials...” wrote Unuchek. However, unlike past iterations, Android 6 requires users to approve app overlays rather than automatically executing them, and also dynamically requires user permission before engaging in potentially dangerous in-app activities, such as SMS messaging or calls.Gugi primarily infects Russia-based device owners via SMS spam that claims the user has received an MMS photo, the blog post continues. When users attempt to view the photo, the new Gugi variant – first discovered in June 2016 – asks for the right to draw over other apps. However, users do not appear to have a choice other than to agree. Once Android's overlay permissions feature is defeated, Gugi next blocks users from accessing their phones' features until they grant additional permissions to perform various dangerous acts that Android 6's dynamic permissions feature was designed to prevent.
Security Architecture, Endpoint/Device Security, Endpoint/Device Security, Security Strategy, Plan, Budget, Incident Response, TDR, Threat Management, Threat Management, Malware, Endpoint/Device Security, Endpoint/Device Security, Endpoint/Device Security
Gugi mobile banking malware reportedly tweaked to defeat Android 6 security permissions
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news
You can skip this ad in 5 seconds



