Posted: September 3, 2019

Asacub Description

Asacub is a banking Trojan for Android devices. Asacub harvests information related to SMS messaging and can misuse such credentials for initiating or hijacking cash transactions. This threat is also a significant hazard to the device's overall security, and users should have compatible anti-malware solutions delete Asacub with all due haste.

A Cub that's Grown Strong in the Wild

After its birth as the less-secure and more-limited Trojan-SMS.AndroidOS.Smaps, the Asacub banking Trojan has grown from these origins over the years. As a threat for Android devices, it uses more general-purpose attacks for collecting money than the specialized graphical overlays and interceptions of similar Trojans like BianLian, Hqwar or Cerberus. Its success is evident through following its development history, which goes back four years.

Asacub specializes in collecting data and money from Russian banking customers, although a minority of its attacks target other nations' residents. Typically, the Trojan disguises its network communications with RC4 encryption and additional encoding and retains a consistent C&C structure, which contrasts with the ongoing updates to its victim-side executable. It focuses on SMS-based features for harvesting information, initiating transactions, and spreading, such as:

  • Transferring address book data to its server.
  • Initiating calls.
  • Initiating SMS messages (to address book contacts or other numbers).
  • Intercepting SMS communications from banks (for collecting temporary passwords, etc.).

It also can terminate other programs, focusing on anti-virus solutions and Russian banking applications. Its SOP involves waiting for commands from its C&C, executing them along with optional parameters like wait times, and sending the results back to the server. Other instruction possibilities are notably variable between different builds of Asacub.

Some Offers are Worth Refusing

While Asacub represents a significant risk to your Android phone's privacy, your money, and your software security, it also harbors various characteristics that can help a victim identify it. Out of these behavioral tendencies, malware experts point most strongly to Asacub's infection methods, which use social engineering centering around free applications. These tactics misrepresent Asacub's installer as an application related to messaging or advertisements, such as Avito Offer or MMS Message.

Asacub can spread itself through its SMS messaging capabilities, which provide links to the tactic websites. Both the domains and the corrupted APK packages should be identifiable as being unsafe according to the rulesets of most cyber-security products. However, since Asacub updates many elements semi-regularly, users should consider patching their security software just as often.

Since this banking Trojan contains substantial anti-security and program-blocking features, malware experts can't endorse manual uninstallation routines for most users. However, professional anti-malware solutions can identify the majority of prominent banking Trojans on Android and should eliminate Asacub while they're scanning your device.

Since Asacub bases itself so highly on messaging abuse, users should stay alert to possible SMS tactics, even if they're coming from a known contact. Clicking a link from a trusted friend actually could be accepting a Trojan offer to take all your money – and your address book along with it.

Use SpyHunter to Detect and Remove PC Threats

If you are concerned that malware or PC threats similar to Asacub may have infected your computer, we recommend you start an in-depth system scan with SpyHunter. SpyHunter is an advanced malware protection and remediation application that offers subscribers a comprehensive method for protecting PCs from malware, in addition to providing one-on-one technical support service.

Download SpyHunter's Malware Scanner

Note: SpyHunter's free version is only for malware detection. If SpyHunter detects malware on your PC, you will need to purchase SpyHunter's malware tool to remove the malware threats. Learn more on SpyHunter. If you would like to uninstall SpyHunter for any reason, please follow these uninstall instructions. To learn more about our policies and practices, visit our EULA, Privacy Policy and Threat Assessment Criteria.

Why can't I open any program including SpyHunter? You may have a malware file running in memory that kills any programs that you try to launch on your PC. Tip: Download SpyHunter from a clean computer, copy it to a USB thumb drive, DVD or CD, then install it on the infected PC and run SpyHunter's malware scanner.

Leave a Reply

Please note that we are not able to assist with billing and support issues regarding SpyHunter or other products. If you're having issues with SpyHunter, please get in touch with SpyHunter customer support through your SpyHunter. If you have SpyHunter billing questions, we recommend you check the Billing FAQ. For general suggestions or feedback, contact us.