BankBot is back, once again bypassing the security measures of the Google Play Store. The banking Trojan first appeared in January this year, when attackers took the source code of an unnamed Android banker and transformed it into BankBot. Research indicates that the Trojan has been used in attacks on banks in Russia, the UK, Austria, Germany, and Turkey.
BankBot New Campaigns Detected Plaguing Play Store
BankBot has also been upgraded to conceal itself so that it avoids Google’s security scanner. Three different active campaigns have already been detected and taken down. In other words, Google has taken measures and has removed the infected apps carrying BankBot.
But as often happens in the malware world, attackers were quick to react and replaced the eliminated apps with new ones. According to Securify, two new BankBot campaigns have been created and have once again bypassed Google’s security checks, meaning they could be found in the Play Store.
428 Legitimate Banking Apps Targeted
Securify has shared a list of 428 legitimate banking apps specifically targeted by the most recent versions of BankBot. The list contains bank names such as Santander, ING, Erste, Volksbank, Eurobank, ABN AMRO, BNP Paribas, Garanti, etc. Have a look at the full list.
To carry out the attack, BankBot shows a fake window on top of one of the legitimate banking apps listed above. Not surprisingly, the Trojan’s purpose is to harvest login credentials for the same banking apps. However, the malware can also intercept the user’s text messages, lock their device or even bypass two-step verification.
Unfortunately, the malware can be deployed against other popular apps such as Facebook, YouTube, Snapchat, WhatsApp, Twitter, and even the Google Play Store itself. Android users should be extra careful, as they are targeted all too often by malicious software designed to steal their login credentials. Once these details are in the hands of attackers, things can get really scary.