The SpyLocker Malware is the latest threat to Android users.
What is SpyLocker?
SpyLocker (SpyAgent) is a new Android threat that attempts to collect data from your device (such as your banking, Google, Skype, eBay, PayPal and WhatsApp account credentials) which it then sends to a remote server controlled by cybercriminals. Customers of large banking institutions are currently being targeted with SpyLocker.
A few days ago, SpyLocker (SpyAgent), a new Android banking malware that targets customers of large banks in Australia, New Zealand and Turkey, was detected. This banking malware steals login credentials from 20 mobile banking apps using fake login screens.
SpyLocker (SpyAgent) collects data on your device and sends it to a server. SpyLocker passes itself off as “Flash Player” with a legitimate icon. This malware generates an overlay to cover the launched banking application login screen. It behaves like a lock screen, which can’t be skipped unless you enter your online banking credentials. Once you enter your bank details and passwords, the information is recorded and passed to the server of cybercriminals.
SpyLocker not only focuses on mobile banking apps, but also tries to obtain your Google, Skype, eBay, and PayPal account credentials. The malware can even bypass two-step authentication by sending all received texts (SMS) to the server. This allows the attacker to intercept all text messages from the bank and immediately remove them from the client’s device, so as not to attract any suspicion.
If attempts to delete the fake Flash Player are made, a false overlay message will claim that the “Administrator will be deactivated”. This false warning blocks access to deactivate the device administrator privilege so you will not be able to complete the uninstall.
To avoid suspicion, the malware hides behind an Adobe Flash Player icon on any devices it has infected, making the user think it is a legitimate Flash Player app.
If you attempt to delete the fake Flash Player, a false overlay message will state: Administrator will be deactivated. This false warning will block the attempt to deactivate the malware’s Device Administrator privilege so you will not be able to complete the removal of the malware.
How do I know if my Android device is infected with SpyLocker?
There are a couple of ways to check if your Android device is infected with SpyLocker malware:
- Scan your device with internet security software. The scan will alert you if your device is infected.
- Alternatively, view your Device Administrators under Settings, Security, Device Administrators, and see if you have an instance of Flash Player listed there. If you are unable to remove it from the admin list, and you are blocked by an overlay screen, it is likely that your device is infected.
What versions of Android are affected?
SpyLocker malware can affect all Android devices running Froyo 2.2 or above. New variants are being discovered, which can target even the latest devices.
To know more how to protect your device you can call us on toll-free : +1-800-742-9005 .
