Les vulnérabilités du VPN vous préoccupent ? Découvrez comment profiter de notre solution de migration VPN qui inclut 60 jours de service gratuit.

Blog Zscaler

Recevez les dernières mises à jour du blog de Zscaler dans votre boîte de réception

S'abonner
Recherche sur la sécurité

Dissection Of Zertsecurity - Banking Trojan.

image
VIRAL GANDHI
décembre 16, 2013 - 2 Min de lecture
Zertsecurity is a well known banking Trojan based on phishing schemes targeting German Android users.  Lets see how it works.
Image
After installing the application, it prompts the user for account and PIN numbers.
Image
The application takes the values of the account and PIN numbers via input boxes and saves them to the cfg.txt file. It then sends this file to a remote command and control (C&C) server master.
Image
You can see the hardcoded C&C server in the application.
Image
Also here you can see that the application is also asking for SMS receive permissions. It receives SMS messages from it's C&C server for commands to perform malicious activities. It also checks for the string “&Sign28tepXXX” in order to identify commands from the C&C server.
Image
Here you can see that the application is using AES and BASE64 encoding techniques for encryption.
Image
In this screenshot you can see the C&C messages being assembled.
 
Zertsecurity is a simple banking Trojan which was constructed for targeting phishing attacks against German Android users. It prompts for an account number and PIN, stores them in the cfg.txt file after encrypting the information using AES and base64 encoding algorithms. It also receives SMS from a hard coded C&C server for additional instructions.
References:
 
form submtited
Merci d'avoir lu l'article

Cet article a-t-il été utile ?

dots pattern

Recevez les dernières mises à jour du blog de Zscaler dans votre boîte de réception

En envoyant le formulaire, vous acceptez notre politique de confidentialité.