Android users have a new threat to worry about: keylogging malware that masquerades as a bogus Flash update and steals banking data. Needless to say, criminals in possession of your credentials will happily suck your bank accounts dry.
SophosLabs detects the malware as Andr/Banker-GUA and is blocking it from customers. Also known as “Invisible Man,” the malware is a variant of Svpeng whose original authors fell foul of Russia’s Ministry of the Interior in 2015.
The malware starts by checking your phone’s language settings. If the phone is set to Russian, the malware aborts. If it’s anything else then it proceeds to ask permission to use accessibility services.
