Hackers stumbled across Revive, an android malware targeting the BBVA bank accounts in Spain, by imitating the bank’s 2FA application.
Revive follows a more focused approach - the bank and not customers as its prime targets.
How Revive works?
According to Cleafy, a security service in Italy, Revive malware relies on phishing attacks to target prospective victims.
Customers are instructed by this phishing attack that the 2FA functionality included in the real bank app is no longer sufficient and download a 2FA tool, required for their account safety.
The impersonating website contains a video tutorial to guide victims through the process of downloading and installing it.
Once the installation is done, Revive requests permission to use the Accessibility Service, giving permissions to take complete control of the screen and the ability to perform screen taps and navigation actions.
A wide range of access granted
Users are prompted to enable the app access to SMS and phone calls, redirecting them to the fake bank’s page to enter credentials.
Following the access, Revive continues to operate as a straightforward keylogger in the background.
Hence, credentials can be pilfered either through keylogging activities or through the phishing page. 2FA is obtained through intercepted SMSs.
Revive is highly undetectable
Revive employs a unique control panel to gather passwords and intercept SMS messages. It goes undetected by many companies.
Security vendors have minimum/fewer opportunities to record these threats and create identification parameters.
Furthermore, short-term campaigns and limited targeting have allowed threat actors to remain hidden for a longer period of time. It also gets enough time to localize its activities.
Revive bears quite a lot of similarities with Teradroid, another Android spyware, and the two share extensive similarities in the API, web framework, and functions.
The threat actors are becoming more powerful, and as banks are one of their main targets, hosts must strengthen their security to keep up the fight. Training employees and using the right cybersecurity tools is the need of the hour to protect against banking Trojans like Revive.