Attacks with the novel Ajina.Banker Android trojan have been deployed to facilitate banking data and two-factor authentication code exfiltration across Central Asia, particularly banking users in Uzbekistan, since November, according to Hackread.
Numerous social engineering tactics have been leveraged by threat actors to deploy Ajina.Banker, including fake banking, government, and utility apps, as well as malicious links purporting to be for promotions or offers spread via Telegram, a report from Group-IB revealed. Aside from facilitating the theft of SMS messages, SIM card details, and financial accounts' 2FA codes, newer iterations of Ajina.Banker have also allowed the exfiltration of users' banking card information, PIN codes, and phone numbers, said Group-IB researchers, who also discovered the malware's operation on an affiliate program model. Such a threat should prompt increased vigilance on unwanted messages and downloads, as well as app permissions, with iVerify co-founder and Chief Operating Officer Rocky Cole recommending the implementation of mobile endpoint detection and response platforms to identify malicious APKs and social engineering attacks.
