Trojan-Banker.AndroidOS.Svpeng

Detect Date: 08/20/2015
Class: Trojan-Banker
Platform: AndroidOS
Description

Malware in this family covertly obtains administrator rights on an infected device. It then shows a fake web page designed to fool the user. Using its administrator rights, the malware intercepts requests when the user tries to access paid online services and online banks, such as Sberbank, Privat24, and Play Market. Trojan-Banker.AndroidOS.Svpeng intercepts the request and asks the user to enter his or her banking information.

This malware uses special methods to resist removal. For example, the program can:

  • Prevent the user from opening the settings window (by closing the window as soon as the user opens it).
  • Deceive the user by claiming that device settings will be lost (factory reset).
  • Display a message saying that the user is entering an incorrect password, even though the password is correct.

Geographical distribution of attacks by the Trojan-Banker.AndroidOS.Svpeng family

Geographical distribution of detections during the period from 24 July 2014 to 27 July 2015

Top 10 countries with most attacked users (% of total attacks)

Rank  Country                 % of users attacked worldwide*
1     Russian Federation      85.31
2     USA                     9.49
3     Ukraine                 0.90
4     Saudi Arabia            0.55
5     Germany                 0.43
6     China                   0.41
7     Iran                    0.40
8     Uzbekistan              0.31
9     Kazakhstan              0.29
10    United Arab Emirates    0.22

* Percentage of all unique Kaspersky Lab users attacked by this malware