Malware in this family covertly obtains administrator rights on an infected device. The malware then shows a fake web page that is designed to deceive the user. Using its administrator rights, the malware intercepts requests when the user tries to access paid online services and online banks, such as Sberbank, Privat24, and Play Market. Trojan-Banker.AndroidOS.Svpeng intercepts the request and prompts the user to enter their banking information.
This malware uses special methods to resist removal. For example, the program can:
Geographical distribution of attacks by the Trojan-Banker.AndroidOS.Svpeng family
Geographical distribution of detections during the period from 24 July 2014 to 27 July 2015
Top 10 countries with most attacked users (% of total attacks)
* Percentage of all unique Kaspersky Lab users attacked by this malware