Catelites shares similarities with the malware used for CronBot. CronBot is a banking Trojan, hid within a host of fake apps, some designed to look like authentic online banking apps, some designed to look like pornography apps, and was used by a cybercriminal gang to steal over USD 900,000.
This malware gets “dropped” onto users’ device after they download an app from a third-party app store (not official shops like Google Play) or from malicious adware (malvertisements) or phishing sites. The malware aims for users’ bank account login details as it has the ability to pose as belonging to one of over 2,200 banks and financial institutions.
The Avast Threat Lab team has been analysing this malware, and it appears to have a host of other functions built in, though not yet activated. These include intercepting all incoming and outgoing SMS messages, setting ringer and stream volume to mute, and retrieving all running tasks from other apps. In addition, it can persistently ask for specific admin rights that could wipe data from devices or even lock users out completely.
Avast recommends users to stay alert of any strange requests for admin rights and if something doesn’t look right when opening an account for example, customers are advised to shut it down.
Every day we send out a free e-mail with the most important headlines of the last 24 hours.
Subscribe now