GPlayed's younger brother is a banker and targets Russian banks

October 29, 2018

Cisco Talos published its findings on a new Android trojan known as “GPlayed” on Oct. 11. At the time, we wrote that the trojan seemed to be in the testing stages of development, based on the malware’s code patterns, strings and telemetry visibility. Since then, we have discovered that there’s already a predecessor to GPlayed, which we are calling “GPlayed Banking.” Unlike the first version of GPlayed, this is not an all-encompassing banking trojan. It is specifically a banking trojan that targets users of Sberbank AutoPay, a service offered by the Russian state-owned bank.

GPlayed Banking is spread in a similar way to the original GPlayed. It’s disguised as a fake Google app store, but actually installs the malware once it’s launched. This further illustrates that Android users need to be educated on how to spot a malicious app, and that they should be careful about which privileges they grant to certain programs.

