A new version of the Android banking malware Svpeng adds an innovative way to steal data, according to a report from Kaspersky Lab released Monday.
Svpeng, designed to steal banking information through different means, now embeds itself in Android's accessibility services — the software that helps users with disabilities navigate devices and apps, the cybersecurity firm said. So Svpeng is now able to steal any data in a text box and log all keystrokes.
"Svpeng is one of the most dangerous banking Trojans right now," said Roman Unuchek, senior malware analyst at Kaspersky Lab, via email.
Unuchek added, however, that the new version of the malware is not currently in wide use.
Svpeng was among the first malware to steal from SMS banking and to overlay phishing apps over banking apps to steal credentials.
"Most of the dangerous functions that are common for mobile banking Trojans [first] appeared in Svpeng," Unuchek said.