The World Bank Trojan Riltok is changing in Europe

Updated July 18, 2019

Trojan’s Riltock Bank is for Russian purposes.
After making minor changes, he focused on European market.

Malware opposes retailers by four percent
Low percentages to France and Italy, Ukraine and the United States.
As of June 25, 90 percent of the victims were in Russia.
Kaspersky Blog [

Riltok is sent as a curse by SMS from an infected device.
Sign up for the best advertising services in Russia. Regular meetings
SMS with malicious links on the wrong site and –
Advertising fees Advertising services seem to be popular.

Then you need to download a new version of the mobile application.
In fact, he is a Trojan. You have to sacrifice yourself to install artificial software
Allows you to install apps from unknown sources on your device
Location

Relatives require users to use certain features
This ensures accessibility and if the client refuses or rejects the request
Open window ads are outdated.

Once the virus has acquired the necessary permissions, it is created by the Trojan Pack
This is a normal SMS application (click Yes)
Display the device before exiting the login screen.

If the device is infected, the malware is actively connected to it
It has a guidance and management server and accepts various requests.

Researchers have found that malware transmits information about this device
IMEI, Phone Number, Country, Mobile Phone, Model Phone,
Buy root permissions, operating system version, contact list, list
Install the application and submit the SMS.

Other features available in the malware library include:

* Get the address of the C&C hacking server on your computer
* Get a file for C&C injection repair and standard injection
* List of banks / anti-virus programs / other known programs / programs; Search the application package name for available
events.
* Set malware as a standard SMS application.
* Look for the phishing address of other pages opened as soon as the program starts

To prevent infection, researchers have advised users not to follow them again
Suspended links are sent via SMS but installs applications from legitimate sources
And then check the permissions allowed during installation.