Smartphone malware

Tutorials and virus removal guides that will help you get rid of malware that infects the iOS and Android systems of your smartphones. Simple instructions and the best antivirus software for mobile devices.

How to remove Nexus Banking Trojan (Android)

Nexus is the name of a banking trojan that targets Android devices in order to extract banking and finance-related information. According to the detailed research conducted by Cyble, this trojan is assumed to be a rebranded version of the S.O.V.A trojan, which has similar capabilities. As a rule, banking trojans acquire access to the targeted device by disguising themselves as legitimate apps and asking users to enable Android Accessibility Services in order to use the app's features or the app itself. Unfortunately, if permissions like this are enabled for trojanized apps, the apps will misuse them to grant themselves additional permissions, prevent users from disabling them, and turn off various security measures like Google Play Protect. It is known that Nexus targets over 40 popular banking applications. To force users into entering sensitive information (e.g., passwords, passcodes, IDs, usernames, etc.), the virus downloads the appropriate HTML injection code to create a fake overlay of the specific bank app that a victim is using. This way, users enter their log-in credentials without suspecting that they could be recorded and sent to the cybercriminals' servers afterward.

How to remove Vip.lucky-gifts-center.com

Vip.lucky-gifts-center.com is a scam service that offers users an opportunity to participate in giveaways. This website sends a message to your iPhone that can be seen in the notification bar. If opened, you will be presented with a congratulatory message claiming that you have been selected out of 100 users to take part in the survey and win awesome prizes. If you complete the survey successfully, you will be offered a choice of 1 of 2 prizes (iPhone XS or Samsung Galaxy S9). On this page, you can see the remaining quantity of products and the shipping prices that should be paid to get your prize. Unfortunately, this is a trap and you will not get your promised gifts. Do not give your personal data, like home addresses, to shady figures because they can exploit it for revenue purposes. Instead, ignore these messages and head down to our guide to remove them from your devices.

How to remove BrasDex malware (Android)

BrasDex is categorized as a banking virus that infects Android (and Windows) devices to access bank accounts and steal money from victims. This specific banker has been observed targeting victims in the Brazilian region - recently via a fake banking app named "Brazilian Banco Santander". Previously, it used to infiltrate devices by disguising itself as essential Android settings applications. BrasDex abuses Accessibility Services to record the information entered into banking applications. However, instead of showing overlaid (fake) screens to bait users into entering their log-in credentials, it logs keystrokes inside the targeted banking applications themselves. Unlike other banking malware, BrasDex also employs an ATS (Automated Transfer System) mechanism, which allows cybercriminals to perform fraudulent transactions in an automated way - therefore automating malicious business and increasing illegal profits. In addition, it is also known that BrasDex exploits the popular Pix fast payment system that was developed by the Central Bank of Brazil. This makes it easier for cybercriminals since all they require is the victim's identifier (which can be an email, CPF, phone number, or random ID). Please note that the Pix system is not vulnerable - threat actors simply use this system to speed up the process of fraudulent transfers. A lot more technical information about BrasDex can be found in this report made by ThreatFabric. BrasDex is a dangerous virus that can cause unpleasant financial losses and privacy issues - thus, make sure to read our guide below and delete this devastating malware from your device. Once done, it is also important to change your log-in credentials.

How to remove GodFather malware (Android)

GodFather is the name of a banking trojan that targets Android devices. Developers behind this malware seek to exfiltrate account credentials and use them for accessing 400+ online banking pages and crypto exchanges across 16 countries worldwide. The GodFather trojan functions by creating overlaid log-in screens and displaying them over legitimate apps or web pages. This way, it tricks users into entering their login data on fake screens, which allows threat actors to access finance-related accounts and abuse them for financial fraud. Before GodFather becomes capable of performing such malicious actions, it needs users to allow certain permissions (access to SMS texts and notifications, screen recording, contacts, making calls, recording to external storage, and reading the device status) in the Accessibility Service window. The trojan does this by imitating the legitimate "Google Protect" tool, making the process look ordinary and less likely to trigger suspicion from users. After the permissions are granted, the trojan gets complete liberty to run its malicious actions. GodFather also abuses the granted access to complicate manual removal, steal two-factor authentication codes, process different commands, and hijack data from PIN and password fields. If you want to learn more about the technical specs of the GodFather banking trojan, you can check out this page. In summary, GodFather is a highly devastating infection that can lead to significant financial losses, which is why it must be removed completely and without traces from your device. Use our guide below to do it.

How to turn off notifications from websites

Almost every popular browser has a built-in push notification feature that allows users to subscribe to notifications from various websites, such as news portals, and receive them right on the desktop. This way, users can get a faster and more convenient experience by staying aware of the latest updates from the desired webpage. In some cases, however, inexperienced users may become victims of dubious pages that promote unwanted or malicious ads by tricking users into allowing their push notifications. Such pages often display fake messages similar to "Press Allow to verify that you are not a robot", "Download is ready. Click Allow to download your file", and so forth. After push notifications from such websites are allowed, the user's desktop will be continuously bombarded by unwanted notifications that promote redirects to suspicious/malicious pages. No matter which type of website you've eventually subscribed to, read our guide below to turn off normal and also potentially malicious push notifications if that is the case.

How to remove Cypher RAT (Android)

Cypher is a remote administration trojan (RAT) promoted by cybercriminals to control Android devices and run a number of malicious actions on them. Once it compromises an Android device, threat actors are able to manage almost the whole device to achieve their purposes. Cypher is also a public trojan that can be purchased by anyone in the form of subscription plans on the developers' website. One of the special features that cybercriminals behind Cypher get access to is the so-called clipboard hijacker. It is designed to substitute copied addresses of crypto wallets with ones owned by the trojan's operators. In other words, if a victim runs some cryptocurrency transaction while the trojan is on the smartphone, cybercriminals will be able to stealthily replace the copied address and receive the payment to their wallet instead. Apart from this, Cypher RAT has a plethora of other capabilities typical for such malware. For instance, it can change smartphone wallpapers, manage calls and SMS messages, force-open various apps, manipulate the screen, record keystrokes, take screenshots, use a microphone to record incoming audio, analyze the device location, download additional software, read 2-factor authentication codes, imitate log-in windows, and perform other such functions aimed at benefiting cybercriminals in any desired way.

How to remove Clicker Malware (Android)

Clicker is a malicious piece of software that infects Android-based devices. Upon successful infiltration, the malware waits for some time before running its actions - most likely to avoid raising suspicion from users. The main purpose of Clicker is to stealthily browse various webpages in the background, without users' consent. While doing this, the program seeks to extract browser-related information, such as history, IP addresses, geolocations, and other potentially useful information. The collected data can be sold to shady companies for targeting internet users with low-quality advertising campaigns. When Clicker Malware runs its unwanted activity, users might begin to spot significant drops in browsing and internet performance in general. To run its actions, the malware requires a lot of network resources, which leads to reduced internet speed. Unless you use an unlimited data tariff or Wi-Fi connection, the malware can also make you experience financial loss driven by increased usage of mobile data. At the moment, these are all the known functionalities implemented by Clicker Malware; however, it is not excluded that future versions (if released by developers) will acquire a broader range of features that may be even more harmful than these. If you suspect your smartphone to be infected with Clicker or some other malware, we recommend you delete it using our instructions below.

How to remove FlyTrap Trojan (Android)

FlyTrap is a trojan infection designed to steal Facebook accounts and use them for future abuse. An authoritative security company named Zimperium researched this malware and confirmed its activity across 100+ countries with at least 10,000 users affected by it. According to reports, many have been affected by FlyTrap via a malicious application that promotes coupons, discounts, and other similar content. Clicking on such content can lead to a fake verification window demanding login credentials for a Facebook account. After successfully retrieving the entered data and accessing the targeted Facebook account, FlyTrap is able to inject malicious JavaScript code in order to collect sensitive information (e.g., IP addresses, geolocations, e-mail addresses, internet cookies, tokens, etc.). The stolen accounts may thereafter be abused for scamming friends or spreading malware via malicious links or attachments. Thus, FlyTrap is a dangerous infection that may lead to massive security problems and compromise users' identities. Follow our guide below to get rid of the virus from your Android smartphone. After doing so, it is important to change passwords and notify your friends/contacts about the compromise.