Screen overlay malware on the rise as bot scum battle for dominance

Tanking PC trojans turn VXers to Android.


IBM malware murderer Limor Kessem says Android VXers are using legitimate screen overlay features to hose handsets.

Screen overlays do what it says on the tin: applications holding the appropriate permission can watch for other apps and draw their own window over them to capture or supply data. The technique is legitimately used by popular applications like LastPass for filling in passwords, and on modern versions of Android it requires explicit user permission to run.

When used in malware, overlays trick users into entering data into a transparent malicious application that appears to be a legitimate application or web page.

Kessem says the popular GM Bot malware, one of the most prolific users of the screen overlay technique and among the priciest on the Russian malware scene, has since March increased its price from US$5,000 to US$15,000.

"The mobile malware marketplace has been bustling with activity in the past few months," Kessem says.

"Mobile malware is becoming a central part of underground dealings and an important fraud frontier that’s growing in size and sophistication.

"Mobile malware nowadays is picked up and operated by different ranks of cybercriminals — from professional, organised gangs to the least experienced forum readers who buy malware and rely on technical setup and support services from underground vendors."

Cheaper and less-featured knock-offs exist, including Bial Bot, Cron Bot, and KNL Bot. These lesser products cost between US$3,000 and US$7,000, but all use screen-overlay theft techniques.

KNL Bot is the closest to GM Bot in that it grants control over infected handsets to plunder banking credentials, can intercept SMS texts, and is "impossible to remove", according to its authors.

It can also use SMS for command and control should victims suffer poor data connectivity.

Cron Bot is sold as a rental service, because there's no honour among thieves and its makers fear users would steal the code.

Kessem says screen overlay malware will likely become more prevalent, because it works.

The good news is that most security-conscious apps, among them banking tools, check for screen overlays and warn users when they appear.
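As an added illustration of that defensive check (example code written for this page, not from the article, IBM or FireEye), the Android view below uses the platform's own obscured-window signal: when a touch arrives while another app's window is drawn over the button, the framework sets `MotionEvent.FLAG_WINDOW_IS_OBSCURED` (or, from Android 10, `FLAG_WINDOW_IS_PARTIALLY_OBSCURED`), and the view drops the touch and notifies the app so it can warn the user. The class and listener names (`OverlayAwareButton`, `OverlayListener`) are my own; the `setFilterTouchesWhenObscured`, `onFilterTouchEventForSecurity` and flag APIs are standard Android SDK.

```java
import android.content.Context;
import android.os.Build;
import android.util.AttributeSet;
import android.view.MotionEvent;
import android.widget.Button;

/**
 * Constructed example: a login/submit button that refuses touches delivered
 * while another window is drawn over it and reports the overlay to the app.
 * Names OverlayAwareButton and OverlayListener are assumptions of this example.
 */
public class OverlayAwareButton extends Button {

    /** Callback the hosting Activity uses to warn the user. */
    public interface OverlayListener {
        void onOverlayDetected(boolean partiallyObscured);
    }

    private OverlayListener listener;

    public OverlayAwareButton(Context context) {
        super(context);
        init();
    }

    public OverlayAwareButton(Context context, AttributeSet attrs) {
        super(context, attrs);
        init();
    }

    private void init() {
        // Framework-level guard: the view discards touches that arrive while
        // its window is obscured by a window belonging to another app.
        setFilterTouchesWhenObscured(true);
    }

    public void setOverlayListener(OverlayListener l) {
        listener = l;
    }

    @Override
    public boolean onFilterTouchEventForSecurity(MotionEvent event) {
        int flags = event.getFlags();
        boolean fullyObscured =
                (flags & MotionEvent.FLAG_WINDOW_IS_OBSCURED) != 0;
        // FLAG_WINDOW_IS_PARTIALLY_OBSCURED exists from API 29 (Android 10).
        boolean partiallyObscured =
                Build.VERSION.SDK_INT >= Build.VERSION_CODES.Q
                && (flags & MotionEvent.FLAG_WINDOW_IS_PARTIALLY_OBSCURED) != 0;

        if (fullyObscured || partiallyObscured) {
            if (listener != null) {
                listener.onOverlayDetected(!fullyObscured);
            }
            return false; // swallow the touch; nothing is submitted
        }
        return super.onFilterTouchEventForSecurity(event);
    }
}
```

In the hosting Activity the listener would typically show a dialog or toast along the lines of "Another app is drawing over this screen; close it before signing in" and refuse to submit credentials. The flag is only set for windows owned by a different UID that cover the touched point, so it is a signal about the window the user actually tapped, not a scan for every overlay on the device; combining it with `Settings.canDrawOverlays` checks on the app's own side is not a substitute, since that API only reports the calling app's permission.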

FireEye researchers Wu Zhou, Junyuan Zeng, Linhai Song, and Jimmy Su have also analysed this class of malware, with their dissection of GM Bot and SlemBunk offering a nicely detailed look at their inner workings.

Mobile antivirus vendors routinely claim they can detect and crimp this class of threat. ®
