A security analyst has discovered a brand new variant of the notorious mobile banking Trojan concealing in apps beneath totally different names, like Funny Videos 2017, on Google Play Store.
Niels Croese, the safety researcher at Securify B.V firm, analyzed the Funny Videos app that has 1,000 to 5,000 installs and located that the app acts like several of the regular video applications on Play Store, however within the background, it targets victims from banks round the world.
This newly discovered android trojan targeting banking apps works like several other banking malware, but two things that makes it different from others are — its capability to target victims and use of DexProtector tool to obfuscate the app’s code.
How android trojan targeting banking apps?
In a shell, BankBot is mobile banking malware that appears sort of a easy app and once installed, permits users to look at funny videos, but behind the scene in the background, the app will intercept SMS and show overlays to steal banking info.
Mobile banking trojan usually disguises itself as a plugin app, like Flash, or an adult content app, however this app created its way to Google Play Store by disguising itself as the other regular smartphone app.
Google has removed this malicious app from its Play Store once receiving the report from the research worker, however this doesn’t mean that a lot of such apps don’t exist there with completely different names.
“Another drawback is that Google [Play Store] primarily depends on automatic scanning while not a full understanding of this obfuscation vectors leading to banking malware on the Google Play Store.” research worker told The Hacker News.
Once downloaded, the app persistently requests body rights, and if granted, the banking malware will management everything that is happening on an infected smartphone.
The BankBot springs into action once the victim opens any of the mobile apps from a pre-configured list of 425 banking apps. an entire list of banks a BankBot variant is presently imitating are often found on the journal post published by the research worker.
Once one amongst the listed apps is opened, BankBot straight off displays an overlay, that is a page on the highest of legitimate mobile banking app and tricks android users getting into their banking credentials into the overlay, a bit like a phishing attack.
This will not solely sends your banking credentials to your bank’s servers however additionally sends your money credentials to the server controlled by fraudsters.
This social engineering technique is commonly utilized by financially motivated criminals to deceive users into leaving behind their personal details and sensitive banking info to fraudsters.