Banking Trojan, Gugi, evolves to bypass Android 6 protection
Almost every Android OS update includes new security features designed to make cybercriminals' lives harder. And, of course, the cybercriminals always try to bypass them.

We have found a new modification of the mobile banking Trojan, Trojan-Banker.AndroidOS.Gugi.c, that can bypass two new security features added in Android 6: permission-based app overlays and a dynamic permission requirement for dangerous in-app activities such as SMS or calls. The modification does not use any vulnerabilities, just social engineering.

Initial infection

The Gugi Trojan is spread mainly by SMS spam that takes users to phishing webpages with the text "Dear user, you receive MMS-photo! You can look at it by clicking on the following link". Clicking on the link initiates the download of the Gugi Trojan onto the user's Android device.

Circumventing the security features

To help protect users from the impact of phishing and ransomware attacks, Android 6 introduced a requirement for