In June of last year, security researchers at Kaspersky Lab detected what they believed to be spyware designed to snoop on the online activities of its victims. Fast forward to today, and the same researchers have found that the malicious software has evolved into mobile banking malware.
It was reasonable to think of Asacub as spyware then. During the earlier months of its activity, the malicious tool worked to steal data about browsing history, text messages and mobile contacts. These pieces of sensitive information were then stored on a server built by hackers for their malicious business.
Then just the other week, Kaspersky acknowledged that the spyware has transitioned into a beefed-up version that looks exactly like banking malware, save for the fact that it is still named Asacub. The rest of the malware has been souped up: it now has a complete set of new functions and features compared with the previous version, last seen in September of last year.
Asacub now appears to be a mobile banking Trojan that targets your bank accounts when you access them via a compromised mobile device. The banking malware's latest features enable it to intercept SMS messages, switch off a phone, turn off the device screen and mute the phone, in addition to its old feature of uploading text messages to a malicious server. It can also transmit GPS data to the attacker and take photos using the device's camera.
The mobile banking malware also allows attackers to remotely execute various commands and view the results of a particular command. This kind of command is something that you will not see in most other malware. According to Kaspersky researchers, the remote command is unique to banking malware tools.
More to the point, the ability to execute commands remotely suggests that the mobile banking malware has the traits of a backdoor more than those of banking malware, because banking malware is intended primarily to siphon off money from a victim's bank account. In contrast, this mobile banking malware appears to be controlling the device, which is somewhat different from what banking malware is supposed to do.
For example, the Asacub version that emerged last year contained phishing screens that imitate the icons of various banks in Europe. The latest samples of Asacub now include code that mentions banks, but without the phishing screens.
It is unclear at present whether the malware poses a threat to users in the United States, but the early versions of the Trojan contain the logo of a U.S. bank, suggesting the probability is not remote.