Android Banking Trojan MoqHao

McAfee security researchers warn of a new Android Banking Trojan MoqHao that is spreading in South Korea via SMS phishing messages.

A number of the messages include shortened URLs and messages that urge action such as “Why is your picture here? Click to find out” or “You are in the news! Please check.”

Once users click on the link, a JavaScript script on the web server checks the user agent of the browser, then displays an alert message asking the user to update Chrome to a new version.

This is a malicious fake Chrome Android app, also known as application package kit (APK), developed most likely by organized cybercrime groups since early this year and similar to other campaigns since 2015. 

McAfee lists a number of MoqHao malware capabilities such as: 

  • Sends phishing SMS messages to contacts listed in the infected device.
  • Leaks sensitive information, such as received SMS messages, to a remote server.
  • Installs Android apps provided by the control server.
  • Executes remote commands from the control server and returns results.
  • Attempts to gather sensitive information via a local Google phishing website.

See the entire McAfee report to include more in depth technical analysis of the new threat. 

Leave a Comment

Your email address will not be published. Required fields are marked *