Cron
Cron or Cronbot is a banking Trojan strongly associated with the threat actor of the same name. Cron can abuse SMS messaging features, and insert unsafe content into your browser for collecting data, redirecting you or hijacking transactions. Android users can protect their devices by having anti-malware services available for stopping or uninstalling Cron and should be attentive to SMS-based attacks that can spread the Trojan.
The Message Carrying a Thief Inside
Legal action from Russia has identified a purportedly conclusive list of the Cron banking Trojan's criminal administrators and affiliates. However, while the threat actor's constituent members are serving time, the Cron software remains a credible security risk and may see use in other hands. In its heyday, Cron competed profitably with similarly wide-distributed threats like Asacub, making over a million in profits from smaller transactions of around one hundred USD apiece.
Cron is a Trojan for Android smartphones and includes a payload equipped with attacks for collecting information, monitoring the device, and initiating transactions favoring the criminals. Before doing so, it gets access to the victim's phone through one of two tactics, both manipulating the user's psychological through 'free download' offers:
- Cron pretends that it's free software, such as an adult video-streaming application, an advertising affiliate service, or a phone-rooting tool like Framaroot. These download links include Web components supporting the tactic's exploitation of a well-known brand.
- SMS messaging also is put to use for distributing Cron through embedded links pretending that the Trojan installer is a leak of photos or advertisements.
The second of these strategies synergizes with some of Cron's other features, which rely on SMS messages for achieving its goals of compromising bank accounts and their money.
Dispelling Up the Ghosts of Hackers Past
Cron's payloads include various features for denying the victims privacy and tricking them into providing information for generating harmful cash transactions. Although most Cron attacks target Russian residents, its capabilities are general-purpose enough that a new operator could apply them to other parts of the world without much work. Interception of confidential SMS messages, Web browser injections for inserting unsafe content, and non-consensual USSD requests are some of the functions that malware experts rate as, typically, persistent across the Trojan's builds.
All phone users should stay familiar with the templates that phishing tactics and other attacks use for infecting your device through text messages. Links with obfuscated or shortened URLs are strong candidates for being unsafe. Malware experts also encourage standard protective measures for your browser, like leaving off JavaScript and Flash by default.
Android-suitable anti-malware solutions can guard your phone against these attacks and flag associated elements, such as domains and network activity. Most cyber-security products should remove Cron properly.
Although security software is capable of handling Trojan uninstallation routines, they can't turn back the clock on collected credentials. When a banking Trojan like Cron attacks, what it takes can be lost forever, which is why exercising foresight before clicking is everyone's duty.
Leave a Reply
Please note that we are not able to assist with billing and support issues regarding SpyHunter or other products. If you're having issues with SpyHunter, please get in touch with SpyHunter customer support through your SpyHunter . If you have SpyHunter billing questions, we recommend you check the Billing FAQ. For general suggestions or feedback, contact us.