ew Android virus found, called “Invisible Man”
Security researchers have found a new form of malware which is targeting Android devices, posing as a Flash update that needs to be installed as soon as possible.
According to a report from, SophosLabs, the update is a fake and it also includes a form of malware which is known as Invisible Man, officially flagged as Andr/Banker-GUA. The new infection is based on a Svpeng malware which was first detected in 2015.
The malware, interestingly, does not infect users in Russia. So while compromising a device, it first checks the phone language. If the phone is set to Russian, all other tasks are stopped. If any other language is configured, Invisible Man asks for permission to utilize accessibility services, which can be further compromised to run malicious code.
If the malware is granted the permission to use accessibility services, it then configures itself as the default SMS app in order to take control of the screen and try to steal credit card information as users provide it in apps, including the Google Play Store.
“Invisible Man uses accessibility services to draw things on your screen above other apps, and to install itself as the default SMS app,” the security firm says.
“That ability to draw something on screen above other apps is used to create invisible overlays that sit above legitimate banking apps. The overlay intercepts keystrokes the victim thinks they’re typing into the app underneath such as usernames and passwords.”
One such attempt to steal financial details is now taking over the Google Play Store, so this means when users launch the Store to install apps, they are prompted to provide credit card information which is collected and sent to the attackers.
