This Russian mobile banking malware takes over your mobile phone
Home 5 Blog 5 This Russian mobile banking malware takes over your mobile phone
This Russian mobile banking malware takes over your mobile phone | IntelliTeK Pty Ltd - Managed IT Services

The “Svpeng” malware has evolved since 2013 and now it has new added functionality to become a keylogger, stealing entered text through the use of accessibility services (Android).

On Android, Accessibility Services provides user interface (UI) assistance which aid in the use of their mobile device. Once compromised, hackers can not only steal your entered text but they can also grant themselves permissions and rights to your device.

However the hack doesn’t apply to everyone. According to Unucheck, after infecting the device, the malware checks the device’s language and if the language comes back as Russian, the malware prevents further malicious tasks – suggesting the people behind the “Svpeng” malware are indeed Russian who are avoiding hacking locals.

Only a small number of users have been attacked, which suggests that the malware hasn’t reached its full potential. Targets spanned across 23 countries, with the most attacks experienced in Russia, Germany, Turkey, Poland and France.

How does it compromise your phone?

Once infected, the grants itself administrator privileges and goes to the extent of preventing any uninstallation of the infected app. It also prevents any attempt to remove administrator privileges – meaning the phone will totally be compromised and the user will be at the mercy of the hacker. The malware will then begin to record your entered text and take regular screenshots which will automatically be sent to malicious servers.

Some banking apps do not allow screenshots but the “Svpeng” malware has the ability to draw its app over the banking app – making it very much possible to steal data. There has been evidence extracted from transit data to and from the malicious servers which contains banking app data from different countries including UK, Germany, Turkey, Australia, France, Poland and SIngapore.

How it spreads?

Primarily from malicious websites which have fake versions of Flash player, its malicious techniques works on even the latest version of Android, with all security updates installed. This threat should be treated with high priority and we again stress to our clients and the public to tread carefully when visiting different websites.

About IntelliTeK Pty Ltd

IntelliTeK is a managed IT services company in Sydney, Australia. With major vendor relationships and accreditation’s from the worlds leading IT companies including WatchGuard, Microsoft, Trend Micro and Amazon Web Services, IntelliTeK have kept clients happy since 2007. 

IntelliTeK are always up to date with the latest cloud backup solutions which is why we only partner with the best in the industry. If your company isn’t fully equipped to fend off cyber criminals, then get in touch with us so we can discuss your options. Call us on 1300 768 779, email us at, fill out the web form, or have a Live Chat with us below.

Book A Consult

We can accommodate a solution for your needs, to discuss your options please contact us today.

Ph: 1300 768 779