The Mamont Trojan, which preys on mobile banking users, especially those in Russian-speaking communities, is disguising itself as Google Chrome and infiltrating victims' devices, posing a grave danger to personal and financial privacy.
The Trojan's modus operandi hinges on deception. By assuming the guise of Google Chrome, a widely trusted and popular web browser, the malware capitalises on users' trust and familiarity.
Through crafted phishing and spam messages, the Trojan entices users to download and install it, relying on an icon that is a near-replica of Chrome's, set apart only by a discreet black contour stroke.
“The malware mimics the icon of Chrome, making it almost indistinguishable from the real app, save for a black contour stroke in the logo, which might be easily overlooked when not paying attention,” the researchers noted.
Upon installation, the Mamont Trojan demands a range of intrusive permissions, including managing phone calls and accessing SMS messages. Under the pretext of offering a lucrative cash prize, the malware coerces users into entering their phone numbers and credit card details.

Once these permissions are granted, the Trojan initiates its nefarious activities, falsely assuring users of winning a cash reward and urging them not to uninstall the app for a specified period to claim their prize.
Threat actors have fine-tuned the malware to exploit vulnerabilities in mobile banking systems, especially among Russian-speaking users. The term ‘Mamont’ is used to denote cybercrime victims.
Once installed on the victims’ devices, the malware meticulously scans SMS messages for keywords related to financial services like PayPal and WebMoney. This stealthy reconnaissance allows the Trojan to intercept crucial information such as phone numbers, card details, and authentication codes, which are then relayed to the attacker’s Telegram channel for exploitation.
The repercussions of falling victim to the Mamont Trojan extend beyond financial loss. By intercepting and forwarding SMS messages to malicious actors, the malware jeopardises users’ privacy, potentially exposing personal conversations, sensitive data, and confidential information.
In light of this malware, experts emphasise several proactive measures, including source verification before downloading apps, caution when providing app permissions, keeping the operating system updated, and avoiding random links.
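The checks above (source verification and caution with permissions) can be applied to an app inventory exported from a device or MDM. The following is an added example, not code from the researchers or the original article: the record format and the `com.example.*` packages are constructed for illustration, while the Chrome package names and permission strings are real Android identifiers.

```python
import unicodedata

# Real Chrome release-channel package names; any other app labelled "Chrome" is a look-alike.
GENUINE_CHROME = {"com.android.chrome", "com.chrome.beta", "com.chrome.dev", "com.chrome.canary"}
PLAY_STORE = "com.android.vending"
SMS_PERMS = {"android.permission.READ_SMS", "android.permission.RECEIVE_SMS",
             "android.permission.SEND_SMS"}
PHONE_PERMS = {"android.permission.CALL_PHONE", "android.permission.READ_PHONE_STATE",
               "android.permission.ANSWER_PHONE_CALLS"}
# Sideloaded app holding both SMS and phone access: the combination the article describes.
RISKY_COMBO = {"not installed from Google Play", "requests SMS access",
               "requests phone-call access"}

def normalise(label):
    """Fold case, Unicode compatibility forms and whitespace before comparing labels."""
    return " ".join(unicodedata.normalize("NFKC", label).casefold().split())

def audit(app):
    """Return the list of reasons one inventory record looks suspicious."""
    perms = set(app.get("permissions", []))
    reasons = []
    if normalise(app["label"]) in {"chrome", "google chrome"} and app["package"] not in GENUINE_CHROME:
        reasons.append("impersonates Chrome")
    if app.get("installer") != PLAY_STORE:
        reasons.append("not installed from Google Play")
    if perms & SMS_PERMS:
        reasons.append("requests SMS access")
    if perms & PHONE_PERMS:
        reasons.append("requests phone-call access")
    return reasons

def triage(inventory):
    """Flag Chrome impersonators, and sideloaded apps with both SMS and phone access."""
    flagged = {}
    for app in inventory:
        reasons = audit(app)
        if "impersonates Chrome" in reasons or RISKY_COMBO <= set(reasons):
            flagged[app["package"]] = reasons
    return flagged

# Constructed sample inventory (not real telemetry).
SAMPLE_INVENTORY = [
    {"label": "Chrome", "package": "com.android.chrome", "installer": PLAY_STORE,
     "permissions": ["android.permission.INTERNET", "android.permission.CAMERA"]},
    {"label": "Google  Chrome", "package": "com.example.prize", "installer": None,
     "permissions": ["android.permission.READ_SMS", "android.permission.RECEIVE_SMS",
                     "android.permission.CALL_PHONE"]},
    {"label": "Messages", "package": "com.example.sms", "installer": PLAY_STORE,
     "permissions": ["android.permission.READ_SMS", "android.permission.SEND_SMS"]},
]
```

A legitimate SMS app installed from Google Play is not flagged; only the label/package mismatch or the sideloaded SMS-plus-phone combination is.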