Johannesburg - A recent version of one of the first malware viruses for mobile, has been found to have infected at least 318 000 Android users since July and it's looking to steal banking information.
The Svpeng mobile banking Trojan was first under investigation in 2013 as a PC-grade mobile malware but has since been modified reaching an infection peak of 37 000 victims per day.
Digital security firm, Kapersky Lab, recently discovered that the Svpeng virus had been lurking in Google’s Adsense advertising programme.
“The attackers, intent on stealing bank card information and personal data such as contacts and call history, were exploiting a bug in Google Chrome for Android," said Kaspersky.
"Now that Google has fixed the bug, Kaspersky Lab experts can reveal the full details of the attack,” Kaspersky said in statement on Monday.
The first known recent case of a Svpeng attack occurred in mid-July on an using the bug in Chrome for Android which discreetly downloaded itself onto the Android device.
The attacks began by infecting an advert on Adsense and disguised itself as a browser update or an apk file – the standard file type of an Android application.
Once installed and launched, the malware disappeared, making it harder to detect.
“The Svpeng mobile banking Trojan is designed to steal bank card information. It also collects call history, text and multimedia messages, browser bookmarks and contacts. Svpeng mainly attacks Russian-speaking countries, however it has the potential to spread globally,” Kaspersky said.
Since its first attacks developers have been studying the virus while the malware’s creators had been testing it.
Experts began investigating the virus with IBM developing countermeasures to detect it earlier.
In 2015, Russian authorities arrested a 25-year-old and four other suspects believed to be behind the Svpeng virus, however the software has since resurfaced.
Read Fin24's top stories trending on Twitter: