Group-IB specialists discovered the FANTA virus, aimed at users of services where it is required to indicate payment data, for example, Avito. Damage from him for several months amounted to at least 35 million rubles.
In addition to Avito, FANTA also targets users of other services, including AliExpess, Pandao, Yula, Aviasales, and car sharing and taxi services. The virus displays a fake notification of a system failure on the Android smartphone screen and asks for the right to use the AccessibilityService, interferes with applications that protect the smartphone from malicious activity and can read SMS messages.
FANTA analyzes which applications are installed on the smartphone and, when launched, opens a window for entering bank card information. This data is transmitted to attackers. The virus is mainly interested in applications of banks, electronic wallets and payment systems.