
Mamont banking trojan masquerades as Chrome to infect devices


The Mamont Trojan, which preys on mobile banking users, especially those in Russian-speaking communities, is disguising itself as Google Chrome and infiltrating victims’ devices, posing a grave danger to personal and financial privacy.

The Trojan’s modus operandi hinges on deception at its core. By assuming the guise of Google Chrome, a widely trusted and popular web browser, the malware capitalises on users’ trust and familiarity.

Through cunningly crafted phishing and spam messages, the Trojan entices users to download and install it. Its icon is a near-replica of Chrome’s, differing only by a discreet black contour stroke that is easy to miss.

“The malware mimics the icon of Chrome, making it almost indistinguishable from the real app, save for a black contour stroke in the logo, which might be easily overlooked when not paying attention,” the researchers noted.

Upon installation, the Mamont Trojan demands a range of intrusive permissions, including managing phone calls and accessing SMS messages. Under the pretext of offering a lucrative cash prize, the malware coerces users into entering their phone numbers and credit card details.

Notice the black ring around the malicious Chrome app. | Source: G Data CyberDefense

Once these permissions are granted, the Trojan initiates its nefarious activities, falsely assuring users of winning a cash reward and urging them not to uninstall the app for a specified period to claim their prize.

Threat actors have fine-tuned the malware to exploit vulnerabilities in mobile banking systems, especially among Russian-speaking users. The term ‘Mamont’ is used to denote cybercrime victims.

Once installed on the victims’ devices, the malware meticulously scans SMS messages for keywords related to financial services like PayPal and WebMoney. This stealthy reconnaissance allows the Trojan to intercept crucial information such as phone numbers, card details, and authentication codes, which are then relayed to the attacker’s Telegram channel for exploitation.

The repercussions of falling victim to the Mamont Trojan extend beyond financial loss. By intercepting and forwarding SMS messages to malicious actors, the malware jeopardises users’ privacy, potentially exposing personal conversations, sensitive data, and confidential information.

In light of this malware, experts emphasise several proactive measures, including source verification before downloading apps, caution when providing app permissions, keeping the operating system updated, and avoiding random links.
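The lookalike icon and the SMS and call permissions described above translate into a simple triage check for a sideloaded APK. This is an added example, not code from G Data or this article; it assumes a manifest already decoded to text XML, and the permission list, the sample package `com.example.prize` and the function name `triage_manifest` are illustrative assumptions.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"
CHROME_PACKAGE = "com.android.chrome"  # package id of Google Chrome (stable)
# Assumption: concrete permissions behind "managing phone calls" and
# "accessing SMS messages"; the article does not name them.
SMS_CALL_PERMISSIONS = {
    "android.permission.READ_SMS",
    "android.permission.RECEIVE_SMS",
    "android.permission.SEND_SMS",
    "android.permission.CALL_PHONE",
    "android.permission.READ_PHONE_STATE",
}

def triage_manifest(manifest_xml, label=None):
    """Return findings; `label` overrides a @string/... android:label."""
    root = ET.fromstring(manifest_xml)
    package = root.get("package", "")
    app = root.find("application")
    if label is None and app is not None:
        label = app.get(ANDROID + "label")
    label = label or ""
    findings = []
    # Only apps that present themselves as Chrome are in scope here.
    if "chrome" not in label.lower() or package == CHROME_PACKAGE:
        return findings
    findings.append(f"label {label!r} on unexpected package {package!r}")
    requested = {p.get(ANDROID + "name") for p in root.iter("uses-permission")}
    risky = sorted(requested & SMS_CALL_PERMISSIONS)
    if risky:
        findings.append("requests " + ", ".join(risky))
    return findings

# Constructed sample manifests, not taken from a real sample.
_NS = 'xmlns:android="http://schemas.android.com/apk/res/android"'
SUSPECT = f"""<manifest {_NS} package="com.example.prize">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.CALL_PHONE"/>
  <application android:label="Chrome"/>
</manifest>"""
BENIGN = f"""<manifest {_NS} package="{CHROME_PACKAGE}">
  <uses-permission android:name="android.permission.INTERNET"/>
  <application android:label="Chrome"/>
</manifest>"""

if __name__ == "__main__":
    for name, xml in (("suspect", SUSPECT), ("benign", BENIGN)):
        print(name, triage_manifest(xml))
```

A matching package name is not proof of authenticity, since a sideloaded APK can declare any package; the signing certificate still has to be verified separately.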


Kumar Hemant

Deputy Editor at Candid.Technology. Hemant writes at the intersection of tech and culture and has a keen interest in science, social issues and international relations.