Detect Date: 08/20/2015
Class: Trojan-Banker
Platform: AndroidOS

Malware in this family covertly obtains administrator rights on an infected device and then shows a fake web page designed to fool the user. Using the administrator rights, the malware intercepts requests when the user tries to access paid online services and online banks, such as Sberbank, Privat24, and Play Market. Trojan-Banker.AndroidOS.Svpeng intercepts the request and asks the user to enter his or her banking information.

This malware uses special methods to resist removal. For example, the program can:

  • Prevent the user from opening the settings window (by closing the window as soon as the user opens it).
  • Deceive the user by stating that device settings will be lost (factory reset).
  • Display a message that the user is entering an incorrect password, even though the password is the correct one.

Top 10 countries with most attacked users (% of total attacks)

#   Country                 % of users attacked worldwide*
1   Russian Federation      85.31
2   USA                     9.49
3   Ukraine                 0.90
4   Saudi Arabia            0.55
5   Germany                 0.43
6   China                   0.41
7   Iran                    0.40
8   Uzbekistan              0.31
9   Kazakhstan              0.29
10  United Arab Emirates    0.22

* Percentage of all unique Kaspersky users attacked by this malware
