“Invisible Man” Android banking malware spreads as Flash Player

Fake Flash Player was noticed spreading new Android malware in 23 countries


Researchers discovered a new Android banking malware that works as a key-logger. Unfortunately, the virus has already caused problems in 23 countries. The majority of attacks were in Russia, Germany, Turkey, Poland and France.[1] Among other affected countries are the United Kingdom, Australia, and Singapore.[2]

The malware, known as “Invisible Man”, is a new variant of the Svpeng Android malware, whose authors were arrested by Russian authorities in 2015.[3] Interestingly, once the malware gets inside the system, it checks the language settings. Android users from Russia might feel safe: the malware stops the attack as soon as it finds out that the default language is Russian.

The Android malware spreads as a fake Flash Player. Fortunately, the malicious app does not spread through the Google Play Store. It spreads only through unauthorized and insecure download websites. Therefore, users are advised to stay away from suspicious websites and to download Flash Player, and any other app, from reliable sources only.

“Invisible Man” works as a key-logger and collects banking app login details

This malicious version of the Android virus is designed to cover banking apps with an invisible overlay and works as a key-logger.[4] Thus, it collects login details as users enter them. The malicious spyware might also communicate with its Command and Control server and perform one of these tasks:

  • read and send text messages,
  • make phone calls,
  • read contact list,
  • collect installed app info,
  • open phishing URLs.

When a user downloads the obfuscated Flash Player, it asks for full permission to use the Android accessibility services. The majority of users do not read these pop-up windows, so they agree. However, careful users should find this request suspicious and stop the installation. Once this permission is given, cyber criminals get full access to the device.

Therefore, the malware can not only steal banking details and money but also cause privacy-related issues, such as identity theft. It doesn’t matter whether you are using the latest, freshly updated smartphone or an outdated OS: the malicious program can be installed on and harm all devices.

Android banking Trojan prevents users from uninstalling it

The mobile banking Trojan is capable of preventing users from removing administrative rights from the malicious app. Undoubtedly, this feature lets it protect itself from removal. What is more, it also prevents users from adding or removing administrator rights for other apps.

Even though crooks can take the device hostage and hold on to it without any intention of giving it back, you should fight against it. Using reputable mobile security software, you should be able to wipe out this cyber parasite entirely.

However, we highly recommend following mobile security tips[5] and avoiding suspicious websites that offer mobile app downloads. You should always download necessary apps from the Google Play Store and keep your Android protected with a reputable antivirus. It's the only way to avoid “Invisible Man” malware.

About the author
Linas Kiguolis
Linas Kiguolis - Expert in social media

Linas Kiguolis is one of the News Editors and also the Social Media Manager of the 2spyware project. He is an Applied Computer Science professional whose expertise in cyber security is a valuable addition to the team.
