Are you angry when you see another news about new virus/malware/ransomware on your loved mobile operating system? In my opinion, this does not prove that Android is not well protected. It means that Android is the most popular operating system for smartphones. Of course, hackers count also on the fact that mobile manufacturers do not provide security updates for older devices. Therefore, they study the source code of old Android versions ver carefully.

This time, someone wants to steal our money. Researchers from Kaspersky Lab have reported that new trojan attack mobile banking applications. Unfortunately, also Android Marshmallow users are threatened. You probably know that Google has implemented a lot of security mechanisms in Android Marshmallow as the effect of lesson learned from previous versions.


Gugi banking trojan is able to bypass security barricades implemented in Android 6 Marshmallow.

This is not  good information, because every new smartphone has this version of Android operating system on board. We all know that Android 7 Nougat has been released recently, but only Google Nexus smartphones users can install this. Therefore, cyber criminals are currently focused on Android Marshmallow, because they know that a lot of cheaper smartphones will not receive Android Nougat update.

The Gugi trojan bypasses Android Marshmallow mechanisms which protect us against phishing attacks and ransomware applications. It is able to add itself to any application installed on our phone. Therefore, Gugi can read our SMS messages and send them. Therefore, it is able to intercept one-time codes using for authorization of money transfer. It i also able to steal our data from any application (including banking apps) and every text which we put in the web browser.

The Gugi trojan works in very interesting way – it asks you about all permissions!

 I bet that you think that only an idiot will bet the trojan all permissions. However, the Gugi use very clever social engineering method. It spreads via SMS with link to phishing site which claims that you have received a MMS with photo. Unfortunately, most people do not suspect anything and they simply click the link. And this is the first step to the apocalypse. The first permission request does not sound dangerous. However, after this, the Gugi will block your device and you will not have other choice than to permit all requested rights. You can read all details about Gugi trojan on the Kaspersky Labs blog. Fortunately, as far, the Gugi trojan was spreading mainly between users in Russia. However, the situation may change and also Indian users will start to receive dangerous SMS messages.