Updated Svpeng Android Banking Trojan Has Keylogging Capabilities

Mobile users have quickly become a favorite target among cybercriminals. That is not entirely surprising, since there are more smartphones in existence than there are computers or laptops. A popular new Android malware is being openly sold on Russian hacking forums and has security researchers concerned. Svpeng is a well-known banking Trojan that is quite powerful.

Svpeng Android Banking Trojan Is a Big Problem

There is no shortage of malware in the Android ecosystem. Criminals have been attacking the operating system with all kinds of threats, including banking Trojans, keyloggers, info stealers, and others. Svpeng is just one of these threats, but it is extremely concerning. This banking Trojan only just started making the rounds last month and has already claimed several victims. Its rapid success is rather remarkable.

Svpeng has just received a major upgrade making the malware an even bigger threat. There is a major distribution campaign linked to this Android banking Trojan right now. The updated malware is being sold across Russian hacking forums at a very low price. Giving more people access to powerful banking Trojans such as this one will only cause more problems for consumers all over the world in the long run.

The story of Svpeng itself is pretty strange. It is one of the oldest Android malware families known to date, yet it has never amounted to much until recently. It was the first banking Trojan to employ tactics such as stealing money through SMS-based account management services, overlaying fake login screens, and introducing new ransomware features. Considering how Svpeng has been around since 2013, it shows that at least one person has been keeping tabs on this banking Trojan and has added new features in the process.

Svpeng’s most recent update includes a keylogger. This means the malware can successfully record anything the user types on his or her device without being aware of it. Interestingly enough, this is all made possible thanks to the Android Accessibility feature, which is used by other malware types as well. It means that most Android users would never know they were dealing with this banking Trojan in the first place, since there is no indication it is even active on the device.

Distribution of Svpeng occurs in creative ways as well. Right now, it is being distributed as an Adobe Flash application for the Android ecosystem. The previous versions of this banking Trojan were often distributed through malvertising, which has been a powerful tactic to get malware onto as many devices as possible. It appears that the new distribution campaign targets users on a global scale, allowing the developers to steal financial credentials from dozens of major banks in various countries.

The fact that this malware is now actively sold on Russian hacking forums will only further complicate the situation. It is being advertised as the CryEye banking Trojan, although that is not its official name. So far, however, there is no real reason to panic, as the seller has not yet gained the trust needed to generate significant sales. That situation could change instantly, though. Experienced users know that this is the new version of Svpeng, not a new banking Trojan altogether.