A new Android malware “Revive” presents itself as a 2FA application

July 8, 2022
Tags: Android Malware, Revive, 2FA, Fake Application, Mobile Apps, Phishing, Banking Trojan

Researchers have discovered a new Android malware, named Revive, that targets customers of the Spanish bank BBVA by impersonating the bank's 2FA app. The campaign is narrowly aimed at this one bank and its account holders.

Revive relies heavily on phishing to reach its victims. The phishing messages tell targeted customers that the 2FA functionality built into the genuine banking app is no longer sufficient, and that they must download an additional 2FA tool to keep their account secure.

The link leads to a look-alike website that hosts a video tutorial walking the victim through downloading and installing the fake 2FA app. Once installed, Revive immediately asks the user to enable the Accessibility Service for the app. If the user agrees, the operators gain the ability to read what is on the screen, inject taps and navigate the device's UI, which amounts to remote control of the phone.

Each permission Revive obtains adds a different capability on the infected device.

Revive also asks the user to grant it access to phone calls and SMS messages, and then redirects the victim to a fake bank login page. Any credentials entered on that page are sent to the threat actors.

Credentials are therefore captured in two ways: by keylogging on the device, or through the phishing page itself.
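The permission profile described above (an Accessibility Service combined with SMS and call access, requested by an app posing as a 2FA helper) is a useful triage signal when reviewing an APK. The following is an added example written for this article, not code from the researchers or from the Revive sample: a heuristic that parses a decoded AndroidManifest.xml and flags that combination. The two manifests are constructed for illustration; the permission strings are real Android permission names. A real APK carries a binary manifest, so decode it first (for example with apktool) before feeding it to this script. The heuristic is a triage aid, not a detector: a malicious app can hide its accessibility service behind an innocuous name, and a legitimate accessibility tool will also trip it.

```python
"""Heuristic triage of a decoded AndroidManifest.xml for the
'fake 2FA helper' permission profile: an Accessibility Service plus
SMS and phone/call permissions.

Added example for this article; not the researchers' or the malware's code.
The manifests below are constructed for illustration.
"""
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"

# Real Android permission names relevant to intercepting 2FA codes and calls.
SMS_PERMS = {
    "android.permission.RECEIVE_SMS",
    "android.permission.READ_SMS",
    "android.permission.SEND_SMS",
}
CALL_PERMS = {
    "android.permission.READ_CALL_LOG",
    "android.permission.CALL_PHONE",
    "android.permission.READ_PHONE_STATE",
    "android.permission.ANSWER_PHONE_CALLS",
}
BIND_ACCESSIBILITY = "android.permission.BIND_ACCESSIBILITY_SERVICE"


def _attr(elem, name):
    """Read an android:-namespaced attribute from a manifest element."""
    return elem.get(f"{{{ANDROID_NS}}}{name}")


def triage_manifest(xml_text: str) -> dict:
    """Return the requested SMS/call permissions, whether an accessibility
    service is declared, and a coarse risk rating for the combination."""
    root = ET.fromstring(xml_text)
    perms = {_attr(p, "name") for p in root.iter("uses-permission")}
    # An accessibility service is a <service> guarded by BIND_ACCESSIBILITY_SERVICE;
    # the system only binds to it if that permission attribute is present.
    accessibility = any(
        _attr(s, "permission") == BIND_ACCESSIBILITY for s in root.iter("service")
    )
    result = {
        "package": root.get("package"),
        "accessibility_service": accessibility,
        "sms_access": sorted(perms & SMS_PERMS),
        "call_access": sorted(perms & CALL_PERMS),
    }
    flags = []
    if accessibility:
        flags.append("accessibility")
    if result["sms_access"]:
        flags.append("sms")
    if result["call_access"]:
        flags.append("calls")
    # Screen reading + input injection + SMS/call interception together are
    # the profile of an Android banking trojan; rate the full triple highest.
    result["flags"] = flags
    result["risk"] = {3: "high", 2: "medium"}.get(len(flags), "low")
    return result


# Constructed manifest mimicking the fake 2FA app described in the article.
SUSPICIOUS_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.fake2fa">
    <uses-permission android:name="android.permission.INTERNET"/>
    <uses-permission android:name="android.permission.RECEIVE_SMS"/>
    <uses-permission android:name="android.permission.READ_SMS"/>
    <uses-permission android:name="android.permission.READ_CALL_LOG"/>
    <uses-permission android:name="android.permission.CALL_PHONE"/>
    <application android:label="Bank 2FA">
        <service android:name=".AccService"
            android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE"
            android:exported="true">
            <intent-filter>
                <action android:name="android.accessibilityservice.AccessibilityService"/>
            </intent-filter>
        </service>
    </application>
</manifest>"""

# Constructed manifest for a typical genuine authenticator: network plus camera
# for QR enrolment, no SMS, call or accessibility access.
BENIGN_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.authenticator">
    <uses-permission android:name="android.permission.INTERNET"/>
    <uses-permission android:name="android.permission.CAMERA"/>
    <application android:label="Authenticator"/>
</manifest>"""

if __name__ == "__main__":
    for text in (SUSPICIOUS_MANIFEST, BENIGN_MANIFEST):
        r = triage_manifest(text)
        print(f"{r['package']}: risk={r['risk']} flags={r['flags']}")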

In addition, Revive reports to a control panel from which the operators collect harvested passwords and intercepted messages. What makes this malware especially dangerous is that many security vendors still fail to detect it.

Because the campaigns are short-lived and narrowly targeted, security vendors see few samples and have little time to build detection signatures. The short campaign windows also let the operators stay under the radar for longer, and give them time to tailor each attack to its local target.

Revive overlaps substantially with the Teradroid malware: the two share a similar web framework, functions and API.

Cybercriminals are becoming more aggressive, so companies, and the financial sector in particular, should strengthen their security controls. Training staff and customers to recognise such lures helps too: a bank will not ask customers to install a second 2FA app from a link in a message, so any such request should be treated as phishing. Finally, banks should deploy capable mobile threat detection to limit the damage banking trojans can do.
