Riltok is a virus that takes over your smartphone and steals the credentials of home banking services. Here’s how to defend yourself
A very dangerous new malware is spreading in Europe, including Italy. It’s called Riltok, it was born in Russia, and it’s a mobile banking trojan. A virus, that is, that aims to steal our bank account and credit card access credentials by acting through a smartphone app.
First discovered in Russia in 2018 by Kaspersky Lab, now Riltok has crossed Russian borders and the company that develops the well-known antivirus has already intercepted it in other countries. Riltok’s spread, Kaspersky explains, is slow but steady and this trojan is by no means to be underestimated. On the contrary, it is proving to be very effective and difficult to detect due to its mode of operation, which passes from a request (accepted by the user) to grant permissions to the app that carries the virus.
How Riltok works
So far, Riltok infections have started from a phishing SMS sent to the victim. The message invites the user to click on a link in order to complete a transaction, after which he will be credited with money. The link leads to a counterfeit Web page that invites the user to download a mobile app to receive payment. Riltok hides right inside this app: once downloaded and installed, the app asks the user to grant it privileges and permissions to access smartphone data. If the user accepts, he’s doomed: Riltok replaces the default app to read messages, accesses messages already received, sends SMS to other contacts to spread further.
What you risk with Riltok
Once operating on our smartphone, Riltok manages to access all credit card information, our online bank profile (it gets it by showing us a fake screen imitating the banking service page). Riltok does even more: it hides the notifications from the real banking apps we have installed, preventing us from receiving the alert that our money has been transferred.
How to defend yourself against Riltok
Because it manages to get all the necessary permissions for its operation directly from the user, Riltok is seen by many antivirus as a legitimate app. Therefore, the best way to protect yourself is to avoid clicking on any suspicious links received via SMS. Generally speaking, the usual advice about the permissions we grant to apps applies: always ask yourself why the app wants those permissions. Finally, although in this case it might not be enough, it is always useful to install an antivirus suite for smartphones and keep it always updated.