
Asacub

Posted: September 3, 2019

Asacub is a banking Trojan for Android devices. Asacub harvests information from SMS messaging and can misuse the credentials it collects to initiate or hijack cash transactions. This threat is also a significant hazard to the device's overall security, and users should have compatible anti-malware solutions delete Asacub with all due haste.

A Cub that's Grown Strong in the Wild

The Asacub banking Trojan began as the less-secure and more-limited Trojan-SMS.AndroidOS.Smaps and has grown well beyond those origins over the years. As a threat for Android devices, it uses more general-purpose attacks for collecting money than the specialized graphical overlays and interceptions of similar Trojans like BianLian, Hqwar or Cerberus. Its success is evident from its development history, which goes back four years.

Asacub specializes in collecting data and money from Russian banking customers, although a minority of its attacks target other nations' residents. Typically, the Trojan disguises its network communications with RC4 encryption and additional encoding and retains a consistent C&C structure, which contrasts with the ongoing updates to its victim-side executable. It focuses on SMS-based features for harvesting information, initiating transactions, and spreading, such as:

  • Transferring address book data to its server.
  • Initiating calls.
  • Initiating SMS messages (to address book contacts or other numbers).
  • Intercepting SMS communications from banks (for collecting temporary passwords, etc.).

It can also terminate other programs, focusing on anti-virus solutions and Russian banking applications. Its standard operating procedure involves waiting for commands from its C&C, executing them along with optional parameters like wait times, and sending the results back to the server. The rest of its command set varies notably between different builds of Asacub.

Some Offers are Worth Refusing

While Asacub represents a significant risk to your Android phone's privacy, your money, and your software security, it also harbors various characteristics that can help a victim identify it. Out of these behavioral tendencies, malware experts point most strongly to Asacub's infection methods, which use social engineering centering around free applications. These tactics misrepresent Asacub's installer as an application related to messaging or advertisements, such as Avito Offer or MMS Message.

Asacub can spread itself through its SMS messaging capabilities, which it uses to send links to the websites that host its installer. Both the domains and the corrupted APK packages should be identifiable as unsafe according to the rulesets of most cyber-security products. However, since Asacub updates many elements semi-regularly, users should consider patching their security software just as often.
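The capabilities and installer names described above can be turned into a simple triage rule for a decoded AndroidManifest.xml. The following is an added example, not code from any security product or from analysis of Asacub samples; the permission mapping, the scoring threshold, the function name and both sample manifests are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
P = "android.permission."

# Assumed mapping from the behaviours listed in this article to Android permissions.
CAPABILITY_PERMISSIONS = {
    "address book upload": {P + "READ_CONTACTS"},
    "initiating calls": {P + "CALL_PHONE"},
    "sending SMS": {P + "SEND_SMS"},
    "intercepting SMS": {P + "RECEIVE_SMS", P + "READ_SMS"},
    "terminating other apps": {P + "KILL_BACKGROUND_PROCESSES"},
}
# Installer names mentioned in the article, compared case-insensitively.
LURE_LABELS = {"avito offer", "mms message"}

def triage_manifest(manifest_xml, threshold=4):
    """Score a decoded manifest; the threshold is a hypothetical tuning value."""
    root = ET.fromstring(manifest_xml)
    requested = set()
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        requested |= {e.get(ANDROID_NS + "name") for e in root.iter(tag)}
    matched = sorted(cap for cap, perms in CAPABILITY_PERMISSIONS.items()
                     if perms & requested)
    app = root.find("application")
    # Real manifests often use a resource reference (@string/...) as the label;
    # resolve it before comparing. This example assumes a literal label.
    label = (app.get(ANDROID_NS + "label") or "") if app is not None else ""
    lure = label.strip().lower() in LURE_LABELS
    # A lure name lowers the bar: a "free offer" app has no need for SMS and calls.
    suspicious = len(matched) >= threshold or (lure and len(matched) >= 2)
    return {"label": label, "capabilities": matched,
            "lure_label": lure, "suspicious": suspicious}

def _manifest(label, perms):
    """Build a constructed sample manifest (not taken from a real APK)."""
    uses = "".join('<uses-permission android:name="%s%s"/>' % (P, p) for p in perms)
    return ('<manifest xmlns:android="http://schemas.android.com/apk/res/android" '
            'package="com.example.constructed">%s'
            '<application android:label="%s"/></manifest>' % (uses, label))

SAMPLE_LURE = _manifest("MMS Message",
                        ["READ_CONTACTS", "CALL_PHONE", "SEND_SMS", "RECEIVE_SMS"])
SAMPLE_BENIGN = _manifest("Notes", ["INTERNET"])

if __name__ == "__main__":
    for sample in (SAMPLE_LURE, SAMPLE_BENIGN):
        print(triage_manifest(sample))
```

A legitimate SMS client requests several of the same permissions, so a hit from this rule is a reason to inspect the package further, not a verdict.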

Since this banking Trojan contains substantial anti-security and program-blocking features, malware experts can't endorse manual uninstallation routines for most users. However, professional anti-malware solutions can identify the majority of prominent banking Trojans on Android and should eliminate Asacub while they're scanning your device.

Since Asacub relies so heavily on messaging abuse, users should stay alert to possible SMS tactics, even if they're coming from a known contact. Clicking a link from a trusted friend could actually be accepting a Trojan offer to take all your money, and your address book along with it.
