DEFENSOR ID
DEFENSOR ID is a new banking Trojan that was hosted on the Google Play Store and pretended to be an attractive application that users could rely on to enhance their device's security and protect their funds. However, once installed, the DEFENSOR ID would request access to Android's Accessibility Features – a new and common strategy that Android malware uses to get escalated privileges on the infected device. The Trojan is able to perform a wide range of actions – it can try to access the victim's bank account and cryptocurrency wallet, or hijack the sessions used to control their email and social media profiles.
Since users might be tricked into thinking that DEFENSOR ID is a legitimate and verified application, it is very likely that they will provide it with the permissions it demands without thinking too much about it. Once DEFENSOR ID has been granted the permissions it needs, it will gain the following abilities:
- DEFENSOR ID can read the text shown in any Android application – this enables the perpetrators to collect text messages, monitor conversations, emails, and even two-factor authentication codes created by mobile applications.
- DEFENSOR ID can lock or unlock the screen.
- DEFENSOR ID can fetch information about the Android device's hardware and software.
- DEFENSOR ID can simulate clicks and screen touches, so it would be possible for the attacker to link with applications running on the remote computer.
DEFENSOR ID Banking Trojan Focuses on Portuguese-Speaking Users
The DEFENSOR ID application features a description written in Portuguese, so it is likely that Brazilian and Portuguese targets will be its primary targets. The fact that Brazil is among of the most targeted regions is not a surprise – a major fraction of Android banking Trojans appear to focus on this region in particular.
In addition to DEFENSOR ID, cybersecurity experts were able to identify another version of the Trojan that was hosted on the Google Play Store, but under a different name – Defensor Digital. If you think you might have interacted with any of these Android applications, it is recommended to scan your mobile device for viruses by using an up-to-date anti-malware mobile application. Furthermore, you should consider updating your passwords to make sure that none of your data was hijacked by cybercriminals.
Leave a Reply
Please note that we are not able to assist with billing and support issues regarding SpyHunter or other products. If you're having issues with SpyHunter, please get in touch with SpyHunter customer support through your SpyHunter . If you have SpyHunter billing questions, we recommend you check the Billing FAQ. For general suggestions or feedback, contact us.