Back to Blog

Riltok banking trojan begins targeting Europe

June 26, 2019

By: mirabiliscorp

The Riltok banking trojan, originally intended to target Russians, has, after a few modifications, set its sights on the European market.

The malware has more recently diverted four percent of its traffic to France and even smaller percentages to Italy, Ukraine and the U.K., although 90 percent of its victims in Russia, according to a June 25 Kaspersky blog post.

Riltok is distributed from infected devices via SMS, disguised as apps for popular free ad services in Russia. Victims typically receive an SMS containing a malicious link pointing to a fake website that appears to be a popular free ad service.

They are then prompted to download a “new version” of the mobile app, which is actually the trojan. To install the phony app, a victim must permit the installation of apps from unknown sources in the device settings.

Riltok asks the user for permission to use special features in AccessibilityService and if the user ignores or declines the request, the window keeps opening ad infinitum.

Once the malware has obtained the desired rights, the trojan sets itself as the default SMS app (by independently clicking Yes in AccessibilityService) before vanishing from the device screen.

Once a device is infected, the malware actively communicates with its Command and Control servers and receives various commands.

Researchers noted the malware sends data about the device  including the IMEI, phone number, country, mobile operator, phone model, availability of root rights, OS version, list of contacts, list of installed apps and incoming SMS.


Contact us

Safety is essential to your decision making. We are sure that our team can clarify any doubts. After all, we understand security.

Follow us


Contact Us
First Name*
Last Name*
Mobile Number*
Tell us what do you need* ?
Products: Hold CTRL+Click to add more than 1.* ?
I agree to the Privacy Policy and Terms of Service.