Android Trojan gets an update

Android Trojan gets an update

The Android Trojan Svpeng, first reported by Kaspersky, has some new functionality and is now capable of phishing and stealing banking information.

The phishing capability is interesting. It waits on a targeted banking app or the Play Store app to launch, then a phishing window opens to requests credit card information, The information is then sent to a remote server.

image: Securelist

image: Kaspersky Labs

The Trojan’s themselves are disguised as Adobe Flash Player apps for Android. This is clever since Adobe stopped distributing Flash in the Play Store last year in an effort to move to HTML5.

Copies of Flash Player are still being distributed on file sharing sites and third-party markets — a super easy way to disguise malware is as a legitimate app.


Svpeng has been found to target Russian banks so far, but could easily spread to others if the malware is a success.

So far, 2013 has really seen a progression in banking Trojans targeting Android — the number has grown and so have the tactics they’re using.

These Trojans are likely found where you don’t roam, but just to be safe stick to trusted markets and review apps before installing.

Malwarebytes Anti-Malware Mobile detects this trojan as Android/Trojan.SMS.Svpeng

You can find the legitimate versions of Adobe Flash Player for Android here. Kaspersky’s story on Svpeng can be found here.


Armando Orozco

Senior Malware Intelligence Analyst

Faux geek who likes to keep it bland. Experienced in behavioral, PC, and mobile technologies.