Trojan:Android/PerkeSecuApp.A

Classification

Malware

Trojan

Android

Trojan:Android/PerkeSecuApp.A

Summary

Trojan:Android/PerkeSecuApp is a banking-trojan that monitors and intercepts cetain incoming SMS messages on the device.

Removal

Automatic action

Once the scan is complete, the F-Secure security product will ask if you want to uninstall the file, move it to the quarantine or keep it installed on your device.

Find out more

Knowledge Base

Find the latest advice in our Community Knowledge Base.

User Guide

See the user guide for your product on the Help Center.

Contact Support

Chat with or call an expert for help.

Submit a sample

Submit a file or URL for further analysis.

Technical Details

PerkeSecuApp.A is a banking trojan that steals confidential data that banks send to customers to validate an online transaction. It monitors incoming SMS messages, looking specifically for those originating from the bank and containing the mobile Transaction Authentication Number (mTAN). Banks typically relies on mTAN as the second part of a two-factor authentication method. This number is sent via an SMS message to the customers, and must be entered to proceed with a transaction.

PerkeSecuApp.A is just one part of the whole operation. It complements the computer-based component that compromises websites using code injection. When users visit compromised banking sites, they will be asked to provide their phone numbers in order to receive a so-called security application from the banks. Users will receive an SMS message containing a link to download the application. Once installed, PerkeSecuApp.A will display or perform a fake operation while silently intercepting SMS messages in the background.

Unlike Zitmo and other banking trojans, PerkeSecuApp.A does not forward the intercepted messages to a remote server or to a URL link but sends out plain SMS messages to a specific number instead.

Date Created: -

Date Last Modified: -