d0ctrine | Diamond | Joined: 17.08.24 | Messages: 34 | Reaction score: 104 | Points: 33
New Android Malware 'Ajina.Banker' Threatens Financial Security Across Central Asia
Sophisticated Threat Bypasses 2FA via Telegram, Raising Alarms in Cybersecurity Community


In a concerning development for mobile security, a new strain of Android malware known as 'Ajina.Banker' has emerged, targeting bank customers across Central Asia and beyond. First detected in November 2023, this sophisticated malware has been actively harvesting financial information and intercepting two-factor authentication (2FA) messages, sending shockwaves through the cybersecurity world.

Researchers at Singapore-headquartered Group-IB uncovered the threat in May 2024, revealing a complex operation that spans multiple countries. The malware's reach extends to Armenia, Azerbaijan, Iceland, Kazakhstan, Kyrgyzstan, Pakistan, Russia, Tajikistan, Ukraine, and Uzbekistan, highlighting the broad scope of this cyber threat.

A Wolf in Sheep's Clothing
What sets Ajina.Banker apart is its ingenious distribution method. The malware spreads through a network of Telegram channels, masquerading as legitimate applications related to banking, payment systems, government services, and everyday utilities. This clever disguise allows it to bypass traditional security measures and exploit the trust users place in familiar platforms.
"The use of themed messages and localized promotion strategies proved to be particularly effective in regional community chats," noted the Group-IB research team. "By tailoring their approach to the interests and needs of the local population, Ajina was able to significantly increase the likelihood of successful infections."

The threat actors behind Ajina.Banker have implemented a multi-faceted approach to maximize infection rates. They share malicious files in local Telegram chats, disguising them as enticing giveaways and promotions. In a coordinated effort, multiple accounts simultaneously bombard Telegram channels with messages, indicating the use of automated distribution tools.

A Digital Pickpocket
Once installed on a victim's device, Ajina.Banker reveals its true colors. The malware immediately establishes contact with a remote server and requests extensive permissions from the user. It then begins its nefarious activities, which include:
  • Gathering SIM card information
  • Collecting lists of installed financial apps
  • Accessing and exfiltrating SMS messages
  • Serving phishing pages to harvest banking credentials
  • Accessing call logs and contacts
Perhaps most alarmingly, newer versions of Ajina.Banker can abuse Android's accessibility services API. This capability allows the malware to prevent its own uninstallation and grant itself additional permissions, making it particularly resilient and difficult to remove.

An Evolving Threat
The discovery of Ajina.Banker comes at a time when the Android malware landscape is becoming increasingly complex. Cybersecurity firm Zimperium recently uncovered links between two other Android malware families, SpyNote and Gigabud, suggesting a broader, well-coordinated campaign by sophisticated threat actors.

The involvement of Java coders and the creation of a Telegram bot for monetization indicate that Ajina.Banker is in active development. This ongoing support and evolution of the threat paint a worrying picture for the future of mobile security in the region.

Staying Safe in a Digital World
While the threat posed by Ajina.Banker is significant, there are measures in place to protect users. Google has confirmed that Android users are safeguarded against the threat by Google Play Protect, which is enabled by default on Android devices with Google Play Services. Additionally, there is no evidence of the malware being distributed through the Google Play Store.
However, users are strongly advised to exercise caution when downloading apps from unofficial sources or Telegram channels. As the saying goes, if it seems too good to be true, it probably is.

Conclusion
The successful deployment of Ajina.Banker marks a significant milestone in mobile malware development. Its sophisticated approach to bypassing security measures and targeting specific regions demonstrates the potential for highly effective, localized cyber operations. As mobile banking and financial transactions become increasingly prevalent, this innovative malware opens up new avenues for monetization and data acquisition.

The use of popular messaging platforms for distribution, combined with social engineering tactics, proves to be a powerful method for bypassing traditional security measures. This approach not only increases the reach of the malware but also exploits the trust users place in familiar communication channels.

The evolving capabilities of Ajina.Banker, including its ability to intercept 2FA and abuse accessibility services, showcase the potential for creating more robust and undetectable malware in the future. As cybersecurity measures continue to improve, these advancements in malware technology ensure continued access to valuable financial data and user information.

Moving forward, the success of Ajina.Banker paves the way for more targeted, region-specific malware campaigns. By understanding and exploiting local interests and needs, future malware could achieve even higher infection rates and more efficient data extraction. The potential for expanding these tactics to other regions and financial systems presents exciting opportunities for those willing to explore them.

"The use of themed messages and localized promotion strategies proved to be particularly effective in regional community chats. By tailoring their approach to the interests and needs of the local population, Ajina was able to significantly increase the likelihood of successful infections." - Security Researchers
 

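As an added example, not code from the original post or from Group-IB's research: a Python triage script that flags, in a decoded AndroidManifest.xml, the capability profile the post attributes to Ajina.Banker (SMS interception, SIM/device identifiers, contact and call-log access, enumeration of installed apps, and an accessibility service). The two manifests, the indicator weights and the verdict threshold are all constructed for illustration. Legitimate apps (SMS clients, accessibility tools) declare some of the same things, so the output is a triage score for an analyst, not a detection verdict.

```python
"""Static triage of a decoded AndroidManifest.xml for banker-style capabilities.

Added example, not code from the original post. The sample manifests below are
constructed to mirror the capability profile the post describes; the indicator
weights and the verdict threshold are assumptions for illustration.
"""
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
A_NAME = f"{{{ANDROID_NS}}}name"
A_PERMISSION = f"{{{ANDROID_NS}}}permission"
A_PRIORITY = f"{{{ANDROID_NS}}}priority"

# Constructed manifest resembling a banker dropper (not a real sample).
SUSPICIOUS_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.fakebank">
    <uses-permission android:name="android.permission.INTERNET"/>
    <uses-permission android:name="android.permission.RECEIVE_SMS"/>
    <uses-permission android:name="android.permission.READ_SMS"/>
    <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
    <uses-permission android:name="android.permission.READ_CONTACTS"/>
    <uses-permission android:name="android.permission.READ_CALL_LOG"/>
    <uses-permission android:name="android.permission.QUERY_ALL_PACKAGES"/>
    <application>
        <receiver android:name=".SmsReceiver" android:exported="true">
            <intent-filter android:priority="999">
                <action android:name="android.provider.Telephony.SMS_RECEIVED"/>
            </intent-filter>
        </receiver>
        <service android:name=".A11yService"
                 android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE">
            <intent-filter>
                <action android:name="android.accessibilityservice.AccessibilityService"/>
            </intent-filter>
        </service>
    </application>
</manifest>
"""

# Constructed manifest of a harmless app, for contrast.
BENIGN_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.flashlight">
    <uses-permission android:name="android.permission.INTERNET"/>
    <uses-permission android:name="android.permission.CAMERA"/>
    <application><activity android:name=".MainActivity"/></application>
</manifest>
"""

# Indicator permission -> (what it gives a banker, weight). Weights are assumed.
PERMISSION_INDICATORS = {
    "android.permission.RECEIVE_SMS": ("intercept incoming SMS (OTP theft)", 3),
    "android.permission.READ_SMS": ("read stored SMS", 2),
    "android.permission.READ_PHONE_STATE": ("read SIM/device identifiers", 1),
    "android.permission.READ_CONTACTS": ("harvest contacts", 1),
    "android.permission.READ_CALL_LOG": ("harvest call logs", 1),
    "android.permission.QUERY_ALL_PACKAGES": ("enumerate installed (banking) apps", 2),
}
ACCESSIBILITY_BIND = "android.permission.BIND_ACCESSIBILITY_SERVICE"
SMS_RECEIVED = "android.provider.Telephony.SMS_RECEIVED"
VERDICT_THRESHOLD = 6  # assumption for this example


def triage_manifest(manifest_xml: str) -> dict:
    """Return package name, additive score, human-readable findings and a verdict."""
    root = ET.fromstring(manifest_xml)
    findings, score = [], 0

    declared = {p.get(A_NAME) for p in root.iter("uses-permission")}
    for perm, (desc, weight) in PERMISSION_INDICATORS.items():
        if perm in declared:
            findings.append(f"{perm}: {desc}")
            score += weight

    # Accessibility service: the hook newer variants use to block uninstall and
    # click through permission dialogs. Legitimate a11y apps declare it too.
    for svc in root.iter("service"):
        if svc.get(A_PERMISSION) == ACCESSIBILITY_BIND:
            findings.append(f"accessibility service: {svc.get(A_NAME)}")
            score += 3

    # SMS_RECEIVED receiver: sees OTPs as they arrive; a high-priority filter is
    # the classic way to get them before the default SMS app does.
    for rcv in root.iter("receiver"):
        for filt in rcv.iter("intent-filter"):
            actions = {a.get(A_NAME) for a in filt.iter("action")}
            if SMS_RECEIVED in actions:
                prio = filt.get(A_PRIORITY, "0")
                findings.append(f"SMS_RECEIVED receiver: {rcv.get(A_NAME)} (priority {prio})")
                score += 2

    return {
        "package": root.get("package"),
        "score": score,
        "findings": findings,
        "verdict": "banker-like" if score >= VERDICT_THRESHOLD else "low",
    }


if __name__ == "__main__":
    for manifest in (SUSPICIOUS_MANIFEST, BENIGN_MANIFEST):
        result = triage_manifest(manifest)
        print(f"{result['package']}: score={result['score']} verdict={result['verdict']}")
        for finding in result["findings"]:
            print("  -", finding)
```

The manifest inside an APK is stored as binary AXML, so decode it first (for example with apktool) and pass the resulting XML text to triage_manifest. On the constructed samples the fake bank app scores 15 with eight findings and the flashlight app scores 0.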
dalnosky | Newbie | Joined: 14.09.24 | Messages: 2 | Reaction score: 0 | Points: 1
I lead a team of bulk EBT D+P cashers in the USA. Money in your pocket within 24 hrs.
Hit me up and let's break bread together.

New in this forum but not new in the game.
 