New Android malware ‘Mamont’ acts as Google Chrome to steal banking details

New Android malware ‘Mamont’ acts as Google Chrome to steal banking details

In February, cybersecurity researchers at McAfee stumbled upon a new iteration of the notorious Android XLoader malware. This time, however, it wasn’t lurking in the shadows under its usual guise. Instead, it masqueraded as something ubiquitous and seemingly benign: Chrome, the popular web browser. But this was just the beginning of a new threat landscape in mobile cybersecurity.

Dubbed ‘Mamont’, after the Russian word for a woolly mammoth, this cunning malware has found a way to blend into the digital scenery, camouflaging itself within the mobile version of Chrome. Its objective? To pilfer sensitive information, particularly banking details, from unsuspecting users.

How does Mamont work?

The process starts innocuously enough, often initiated through spam or phishing messages. Once installed on a device, Mamont immediately begins its deceptive dance. It prompts users for various permissions, such as managing phone calls and sending messages. Should an unwitting victim grant these permissions, Mamont reveals its true colors.

The virus hides itself as ‘Google Chrome’ instead of ‘Chrome’. (Image Source: G Data)

Under the guise of offering a cash prize, Mamont coerces users into entering their phone numbers and credit card details. Once the bait is taken, the malware ensnares its prey further by urging them not to delete the app for 24 hours. Meanwhile, Mamont, with its access to SMS capabilities, sifts through the user’s messages, specifically targeting those related to banking apps.

The stolen information is then discreetly dispatched to a Telegram channel controlled by malevolent actors. From there, sensitive data like 2FA codes become tools for committing bank fraud, leaving victims in financial distress.

What makes Mamont particularly insidious is its facade. With an icon mimicking Chrome and a name that closely resembles the legitimate app, differentiating between the two becomes a daunting task for users. Yet, there are subtle tells, such as the black border surrounding Mamont’s icon, providing a clue to its true nature.

Currently, Mamont sets its sights primarily on Russian-speaking users. However, the adaptability of such malware means it’s only a matter of time before it seeks out new demographics.

How can you safeguard yourself against Mamont and similar Android threats?

The first line of defense is vigilance. Stick to downloading apps from trusted sources like the Google Play Store, and always scrutinize the permissions requested by any application. If an app demands excessive access to your device’s functions, proceed cautiously.

Furthermore, maintaining awareness of cybersecurity threats and practicing digital hygiene are essential in today’s interconnected world. By staying informed and exercising caution, you can mitigate the risks posed by insidious malware like Mamont.

In the battle against cyber threats, knowledge and caution are our greatest allies. Stay informed, stay vigilant, and together, we can navigate the digital landscape with greater resilience.

Also read:

New Loop DoS Attack Targets Hundreds of Thousands of Systems