BankBot Android Trojan Targets 424 Legitimate Banking Apps

BankBot Android Trojan Targets 428 Legitimate Banking Apps

BankBot is back, once again bypassing the security measures of Google Play Store. The banking Trojan landed for the first time in January this year, when attackers used the source code of an unnamed Android banker. Attackers took the code and transformed it into BankBot. Research indicates that the Trojan has been used in attacks on banks in Russia, the UK, Austria, Germany, and Turkey.

BankBot New Campaigns Detected Plaguing Play Store

BankBot has also been upgraded to conceal itself so that it avoids Google’s security scanner. Three different active campaigns have already been detected and taken down. In other words, Google has taken measures and has removed the infected apps carrying BankBot.

Related: Sathurbot Trojan, Another Reason Not to Download Torrents

But as it often happens in the malware world, attackers were quick to react and replaced the eliminated apps with new ones. According to Securify, two new BankBot campaigns have been created and have once again bypassed Google’s security checks, meaning they could be found in the Play Store.

428 Legitimate Banking Apps Targeted

Securify has shared a list with 428 legitimate banking apps specifically targeted by the most recent versions of BankBot. The list contains bank names such as Santander, ING, Erste, Volksbank, Eurobank, ABN AMRO, BNP Paribas, Garanti, etc. Have a look at the full list.

For the infection to take place, BankBot would show a fake window on top of one of the legitimate banking apps listed above. Not surprisingly, the Trojan’s purpose is to harvest login credentials for the same banking apps. However, the malware can also intercept the user’s text messages, lock their device or even bypass two-step verification.

Related: Acecard, Android Trojan and Phishing Tool Targets Over 30 Banks

Unfortunately, the malware can be deployed against other popular apps such as Facebook, YouTube, Snapchat, WhatsApp, Twitter, and even Google Play Store alone. Android users should be extra careful as they are targeted too often by malicious pieces designed to steal their login credentials. Once these details are in the hands of attackers, things can get really scary.

Milena Dimitrova

An inspired writer, focused on user privacy and malicious software. Enjoys 'Mr. Robot' and fears '1984'.

More Posts - Website

Leave a Comment

Your email address will not be published. Required fields are marked *

Time limit is exhausted. Please reload CAPTCHA.

Newsletter
Subscribe to receive regular updates about the state of PC Security and latest threads.

Please wait...

Subscribe to our newsletter

Want to be notified when our article is published? Enter your email address and name below to be the first to know.