
Russians under attack by modified Gugi Trojan

Google's release of the Android 6 operating system came with a couple of nifty security features. Among them was a setting that lets users allow or block app overlaying. It also gave users the option to approve apps sending SMS messages and making calls on their behalf.

These two features essentially rendered the Gugi Trojan useless, but now, according to Kaspersky Lab researchers, there is a modified version out there which bypasses these security features. The Trojan is mostly attacking Russians, with 93 per cent of all registered cases being in this country. 

Kaspersky Lab says victims are usually approached via an SMS that carries a malicious link. If the user clicks it, the Trojan is installed, after which it sets about obtaining the access rights it needs. A pop-up appears, saying 'additional rights needed to work with graphics and windows'.

There's only one button: 'provide'. Pressing it, users will be asked to allow app overlaying. Then, the Trojan will ask for 'Trojan Device Administrator' rights, and will ask for permission to send SMS messages and make calls. The Trojan is built to 'steal financial credentials, SMS and contacts, make USSD requests', the researchers said. If it does not get the necessary access rights, it will completely block the device.

Deleting the Trojan is also difficult if the user gives it the Trojan Device Admin rights. 

“Cybersecurity is a never-ending race. OS systems such as Android are continuously updating their security features to make life harder for cybercriminals and safer for customers. Cybercriminals are relentless in their attempts to find ways around this, and the security industry is equally busy making sure they don’t succeed. The discovery of the modified Gugi Trojan is a good example of this. In exposing the threat, we can neutralise it, and help to keep people, their devices and their data safe,” said Roman Unuchek, Senior Malware Analyst, Kaspersky Lab.

Image Credit: CyberHades / Flickr