Android package file
The Trojan may arrive as a package with the following characteristics:
When the Trojan is being installed, it requests permissions to perform the following actions:
- Send SMS messages
- Monitor incoming MMS messages
Once installed, the application will display a red, white, and blue shield and lock icon with the text of "Postbank".
The Trojan arrives on the compromised device after a compromised computer requests the scan of a QR code.
Note: The Trojan works with computers that have been compromised by other threats.
The Trojan intercepts SMS messages sent to the compromised device.
The Trojan uses the compromised device to forward SMS messages received from banking websites to the attackers.
Note: The attackers can use these SMS messages to get around two factor authentication methods used by online banking sites.
Symantec Security Response encourages all users and administrators to adhere to the following basic security "best practices":