Home > Threat descriptions >

Trojan:Android/Gepew

Classification

Category: Malware

Type: Trojan

Platform: Android

Aliases: Trojan:Android/Gepew, Android/SpyBanker, Android.Trojan.Gepew, Android.Fakebank

Summary


Trojan:Android/Gepew is installed on a mobile device as part of a PC-based malware's payload and attempts to replace installed apps with trojanized versions.

Removal


Automatic action

Once the scan is complete, the F-Secure security product will prompt you to assess the file and choose to Uninstall, Quarantine or keep it installed on your device.

Knowledge Base

Find the latest advice in our Community Knowledge Base.

About the product

See the manual for your F-Secure product on the Help Center.

Contact Support

Chat with or call an expert for help.

Submit a sample

Submit a file or URL for further analysis.

Technical Details


Trojan:Android/Gepew variants are reportedly installed on a mobile device as part of the payload of a PC-based trojan, Droidpak. When this trojan infects a Windows system, it downloads a mobile app onto the machine and then attempts to install it onto any Android devices connected to the system by a USB cable. For installation to be successful, the device must have the setting 'Enable USB debugging' enabled.

When installed, Gepew will scan the device for installed apps associated with South Korean banks. If found, Gepew prompts the user to remove these apps; if complied with, trojanized versions of these apps are installed. The trojan may also monitor and intercept incoming SMS messages, which are forwarded to a remote server. For more information, see: