Catelites

Posted: September 4, 2019

Catelites is a banking Trojan with possible connections to the threat actors previously responsible for the widespread deployment of Cron. Like Cron, it compromises bank account information through various attacks and uses freeware downloads to distribute itself. Users should keep anti-malware products for Android on hand to delete Catelites as needed and immediately change any passwords that the Trojan might have collected.

The Advantages of Simplicity in Thievery

Information collectors, from the Anubis Trojan to XLoader, often depend on attacks that target specialized banking services and application interactions to maximize psychological manipulation. Catelites, however, a sidegrade or successor to the Cron banking Trojan, demonstrates the value of the opposite approach. For a threat that aims at a broader strategy for collecting money and breaking into accounts, simple, one-size-fits-all HTML can suffice.

Catelites shares much of its panel and C&C-controlling elements with Cron, along with the same general purpose of its payload. Both Trojans compromise Android smartphones and trick their users into providing sensitive information, such as credit card numbers. Where Catelites differs is in its imitation of banking applications. It uses a generic, HTML-formatted overlay, which is the same between different application presentations, excepting some imagery like icons. While this disguise is less believable than a company-specific template, it also lets Catelites target the customers of over two thousand banking institutions.

Through the above attack, Catelites collects passwords, login names, and credit card details. It also has a non-banking application strategy for data theft: fake shortcuts for Chrome, the Google Play Store and Gmail. These shortcuts, bolstered by pop-up notifications that malware experts note as being persistent, redirect users to more corrupted copycat pages that harvest their information.

Catching a Simple Con in the Early Stages

Catelites uses similar infection vectors to those of the other Android-based banking Trojans of its time. These include:

  • Corrupted advertisements may deliver Catelites via fake update requests or free media downloads. Update tactics for streaming media content (such as Flash) are ubiquitous.
  • Catelites also can use Trojan droppers disguising themselves as applications on fake application repositories or even curated ones like Google's Play Store.

Accordingly, malware experts suggest limiting one's application downloads to sources that have proven themselves trustworthy and provide long-term support for stopping the distribution of threatening software. Users can also disable JavaScript and Flash in their browsers to eliminate many ad-based vulnerabilities and tactics. Catelites installations also ask for special permissions during the process, which provides a pointed hint that the program is unsafe.

Installing Android-compatible anti-malware products can provide further protection by removing Catelites infections or preventing their occurrence.

Like a cheap Halloween mask, Catelites is a scare that works best on those who don't prepare themselves for it. A strongly-secured phone will 'bleed over' its protection to one's passwords, bank accounts, and all the money whose flow they enable.
