The malware uses keyloggers to steal usernames and passwords
Fresh Android malware targeting mobile banking customers has been discovered by cyber security firm Sophos Labs.
The malware dubbed Invisible Man is a keylogger that lurks in the Google Play Store as a bogus update for Adobe’s Flash Player.
Once downloaded, Invisible Man exploits permissions to accessibility settings whereby it then gains control over functions such as creating invisible overlays on banking apps and setting itself up as the default messaging app.
With such access the malware can suck up usernames and passwords by intercepting keystrokes.
Invisible Man also pops up an overlay on the Play Store to trick users into inputting their credit card details, which it then snatches.
One interesting characteristic with Invisible Man is that it will not infect Android devices with Russian language settings, which potentially provides a hit to the origin on the malware, which itself is a variant of the Svpeng malware who’s original creators got caught by Russia’s Ministry of the Interior back in 2015.
Given Invisible Man lurks behind Flash, which has long been a vector for spreading malware and executing cyber attacks, the solution to avoiding such malware problems is to stay away from downloading and installing unknown apps, especially those claiming to deal with the soon to be completely defunct software.
That being said, there has been a surge in banking malware across Europe this year, so simply avoiding Flash might not be keep you completely safe, and being vigilant of spam and phishing attacks will also be needed to defend against such cyber threats.