Android is the most popular system for mobile devices in the world. As a result, it is also the most vulnerable. It is no wonder that many viruses appear on it and spread through applications. As it turns out, these do not have to come from an untrusted source. Even applications from the Google Store get infected, such as the very popular QRecorder.
The QRecorder application had recently reached 10,000 downloads. That was the moment when it came out that it is simply a banking Trojan. The number of devices infected with the malware may turn out to be much higher. Regrettably, the program was promoted by the developer who introduced it to the repository. Primarily at risk are bank accounts and accounts that users access through client applications. The app does allow you to record conversations, which was its main purpose. However, that was not the only thing it did. Its secondary purpose is to intercept SMS messages with one-time codes, even those used for two-factor authentication.
It seems dangerous – and for good reason.
This is a really big problem. However, this is not the end. Next, the program identifies the banking application, logs in to it using the captured data and attempts to transfer funds from the account to the thief’s account. QRecorder can also steal user data by forcing the user to enter it. Apparently, accounts at Czech banks such as Raiffeisen Bank, ČSOB and Česká Spořitelna are primarily at risk. However, it has not been shown that other banks are unaffected by the Trojan. Experts have shown that it is also possible to take over accounts at Air Bank, Equa, ING, Bawag, Fio, Oberbank and Bank Austria.
You probably wonder what mechanisms QRecorder uses.
Well, the answer is simple. The application uses BankBot (Anubis I), a banking Trojan that has not been widely spread. According to information available online, attacks on only two Android users from the Czech Republic have been recorded so far. Together they lost 11 thousand EUR. However, this does not mean there were no other transfers. Specialists think that such transfers were simply for smaller amounts and therefore went unnoticed. At the beginning QRecorder appeared in safe versions. As you can guess, it gained the trust of users this way, building a brand and a base of positive comments. Hypocrisy level: hard! The Trojan appeared with the last update of the application. Fortunately, Google has already reacted to this incident and removed the app from the repository. Of course, if you have had this application or, even worse, still have it, get rid of it and check your smartphones with antivirus software as soon as possible.