Malware targeting bank accounts is the order of the day, with new cases of malicious programs that try to impersonate your bank. The latest target is BBVA, exclusively in Spain: a new Android banking malware called Revive has been discovered, which poses as a 2FA app that is supposedly necessary to log in to online banking.

What is really interesting about this Trojan is precisely how specific it is. Until now we have seen programs that tried to attack clients of different banks. With Revive, however, the attackers have narrowed their aim to BBVA and only Spanish customers.

BBVA customers are threatened by Revive

Researchers at Cleafy sounded the alarm about this new malware, which gets its name because it is capable of rebooting if discovered.

This malware aims to convince people to download an app that poses as a two-step verification tool supposedly needed to improve the security of their BBVA bank account. This is done through a phishing message that tries to convince users that they must install an additional tool to keep their account secure.





The application is downloaded from an external website that looks quite real, with the theme of the bank itself and its corporate colours. It also includes a tutorial video that guides people through the download process so that it completes successfully.

Once the application has been downloaded, it will start asking for permissions. Accessibility comes first, with the aim of knowing where you are tapping on the screen and having complete control of it. But it will also want access to SMS and phone calls, which can appear normal for an official security app.
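The permission combination described above (an accessibility service plus SMS and phone access) is something a defender can check for in a decoded `AndroidManifest.xml` before an app is trusted. The following is an added example, not code from Cleafy or from the original article; the function name, the sample manifests and the exact permission names grouped under "SMS" and "calls" are assumptions, since the article does not list them.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
# Assumption: standard Android permission names covering the two areas the
# article mentions (SMS and phone calls); the article gives no exact names.
SMS_PERMS = {"android.permission.READ_SMS", "android.permission.RECEIVE_SMS",
             "android.permission.SEND_SMS"}
CALL_PERMS = {"android.permission.READ_PHONE_STATE", "android.permission.CALL_PHONE",
              "android.permission.READ_CALL_LOG", "android.permission.ANSWER_PHONE_CALLS"}
A11Y_BIND = "android.permission.BIND_ACCESSIBILITY_SERVICE"


def triage_manifest(manifest_xml):
    """Report which of the three permission areas a decoded manifest requests."""
    root = ET.fromstring(manifest_xml)
    requested = {el.get(ANDROID_NS + "name") for el in root.iter("uses-permission")}
    # An accessibility service is a <service> guarded by BIND_ACCESSIBILITY_SERVICE.
    a11y_services = [svc.get(ANDROID_NS + "name") for svc in root.iter("service")
                     if svc.get(ANDROID_NS + "permission") == A11Y_BIND]
    result = {
        "accessibility_services": a11y_services,
        "sms": sorted(requested & SMS_PERMS),
        "calls": sorted(requested & CALL_PERMS),
    }
    # Flag only when all three areas appear together, as in the article.
    result["flag"] = bool(a11y_services) and bool(result["sms"]) and bool(result["calls"])
    return result


# Constructed sample manifests (not taken from any real app).
SAMPLE_SUSPICIOUS = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.fake2fa">
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
  <application>
    <service android:name=".WatchService"
             android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE"/>
  </application>
</manifest>"""

SAMPLE_BENIGN = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.notes">
  <uses-permission android:name="android.permission.INTERNET"/>
  <application/>
</manifest>"""

if __name__ == "__main__":
    for name, xml in (("suspicious", SAMPLE_SUSPICIOUS), ("benign", SAMPLE_BENIGN)):
        print(name, triage_manifest(xml))
```

A flag here is a triage signal rather than a verdict: legitimate apps can request the same permissions, so the result is best combined with the install source (the article describes a download from an external website rather than an official store).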





From that moment, the access credentials will be sent to the hackers and a generic home page will be loaded. This page has links to the original website so that it goes completely unnoticed. From there, each tap you make will be recorded and sent to the attackers on a regular basis. With this information, they can ultimately access the account.

Via | BleepingComputer