Coper

Coper is a modular banking trojan that can be customized to target specific banks and financial institutions. It is typically distributed through SMS phishing messages that contain a malicious link. Once this malware is installed on the user’s device, it leverages social engineering and the accessibility services feature to disable Google Play Protect and install additional malicious apps. 

Coper was discovered in July 2021 and targeted 40 financial apps. Coper was initially packaged as a banking app called “Bancolombia Personas,” targeting customers of this Columbian Bank. 

Once launched, Coper gains a range of permissions, including admin privileges, the ability to send and intercept SMS messages, make calls, lock and unlock the device, perform keylogging, and uninstall applications. 

On top of the common trojan features, Coper employed other novel capabilities like: 

• Coper monitors the device’s battery optimization allowlist, allowing it to be partially exempt from doze and app standby settings and continuing operations. 
• Every minute, the trojan notifies the command-and-control server about its successful device infection and awaits instructions. The server can provide updates, including changing servers, identifying apps to target with a phishing screen, selecting 

Coper can pose a serious threat to mobile banking apps. Coper can steal sensitive information from mobile banking apps, including account credentials, transaction history, contact information, and device information. Coper can also intercept push notifications from mobile banking apps, allowing the malware to respond to these notifications and trick the victim into entering their credentials.

To protect your mobile banking app from Coper, you should take the following steps:

• Use a security scanner to scan your app for vulnerabilities.
• Implement security features such as two-factor authentication and fraud detection.
• Educate your users about the dangers of phishing attacks and how to protect themselves.
• Only use trusted app stores to distribute your app.
• Keep your app up to date with the latest security patches.
• Use strong encryption to protect sensitive data.
• Monitor your app for suspicious activity.

Learn More about Banking Trojan Families

Coper is one of the principal families of banking trojans threatening mobile banking and financial apps. Learn more about other prominent banking trojan families:

• BianLian
• Cabassous
• EventBot
• ExobotCompact.D
• Octo
• FluBot
• Medusa Trojan
• SharkBot
• TeaBot
• Xenomorph
• Zbot
• Svpeng
• Marcher
• Anubis
• Ginp
• Cerberus Trojan
• BankBot
• Emotet

Related Content

• Mobile Banking Heists: The Emerging Threats and How to Respond
• Financial Apps Are Not As Safe As You Think
• BankBot & Friends: Phishing Mobile Customers Like You Soon