New Banking Malware Spreads in Flashlight and Solitaire Apps
BankBot is a new banking malware found by cybersecurity researchers. It was discovered in the Google Play Store through a joint operation by security researchers at Avast, ESET and SfyLabs.
BankBot malware was first found in 2008 targeting third-party websites. It was later discovered in the Google Play Store in 2014, where it infected many Android apps.
How Does It Work?
Once the malware is installed on the device, it checks for banking apps on the device. Once it finds one of the bank apps, BankBot connects to its C&C server and uploads the target's package name and label, according to a Trend Micro report. The C&C server then sends a URL to BankBot so it can download the library containing the files for the overlay webpage, which is displayed on top of the legitimate banking app and used to steal the user's credentials.
The BankBot app asks for your banking details twice, after which it sends the stolen data to its server. When you open your bank app, it displays an overlay webpage on top of the banking application, so that it behaves as a fake version of the banking app, and it gets administrator privileges before removing the app icon. Victims think it is the genuine banking app, but it is not, and the user ends up in a fake app.
The apps work in the background to collect private information such as SMS messages, credit card numbers, CVC and more. They can also collect phone information such as the IMEI number, mobile device model and OS version, and send it to the attacker's server.
Affected Apps
Avast spotted the first sample in October 2017. It was hidden in the “Tornado FlashLight” app (com.andrtorn.app) and later appeared in the “Lamp For DarkNess” and “Sea FlashLight” apps. In late October and November, a smartphone cleaning app and multiple Solitaire gaming apps appeared with the malware embedded, as part of a second campaign.
BankBot malware was found in popular apps such as flashlight and Solitaire apps. The Solitaire apps targeted customers of 131 banks worldwide, including Citibank, Suncorp, ICICI, Noris, and the Skrill payment system.
How to Prevent?
- Do not allow installation from ‘Unknown Sources’, which can let a malicious app be installed.
- Use Mobile Antivirus, Anti-malware App to protect your mobile devices.
- Never click on unknown app links.
- Do not give administrator permission to your apps.
- Always download “Verified by Play Protect” Apps.
- Always keep a backup of your mobile device.
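
The behaviours described under "How it's Working" (administrator privileges, a removed app icon, SMS and phone-information collection) can be turned into a triage check over a device's app inventory. The following Python is an added example, not code from the researchers' reports; the inventory record format, the weights, the threshold and the `com.example.*` entries are constructed assumptions, and only `com.andrtorn.app` comes from this article.

```python
# Package name reported in this article for "Tornado FlashLight".
KNOWN_BAD = {"com.andrtorn.app"}
SMS_PERMS = {"android.permission.READ_SMS", "android.permission.RECEIVE_SMS"}
PHONE_PERM = "android.permission.READ_PHONE_STATE"

# Constructed sample inventory in a hypothetical export format (not tool output).
SAMPLE_INVENTORY = [
    {"package": "com.andrtorn.app", "device_admin": True, "launcher_icon": False,
     "permissions": ["android.permission.READ_SMS", PHONE_PERM]},
    {"package": "com.example.solitairefun", "device_admin": True, "launcher_icon": False,
     "permissions": ["android.permission.RECEIVE_SMS", PHONE_PERM]},
    {"package": "com.example.mdmagent", "device_admin": True, "launcher_icon": True,
     "permissions": [PHONE_PERM]},
    {"package": "com.example.messenger", "device_admin": False, "launcher_icon": True,
     "permissions": ["android.permission.READ_SMS", "android.permission.RECEIVE_SMS"]},
]

def triage(app):
    """Score one inventory record; weights are assumptions chosen for illustration."""
    reasons = []
    perms = set(app.get("permissions", []))
    if app["package"] in KNOWN_BAD:
        reasons.append((5, "package name listed in the article"))
    if app.get("device_admin") and not app.get("launcher_icon", True):
        # The combination the article describes: admin rights, then the icon is removed.
        reasons.append((4, "device admin with no launcher icon"))
    elif app.get("device_admin"):
        reasons.append((2, "holds device admin"))
    if perms & SMS_PERMS:
        reasons.append((2, "can read or receive SMS"))
    if PHONE_PERM in perms:
        reasons.append((1, "requests phone state (device identifiers on older Android)"))
    return sum(w for w, _ in reasons), [r for _, r in reasons]

def flag_apps(inventory, threshold=5):
    """Return (package, score, reasons) for records at or above the threshold, highest first."""
    flagged = []
    for app in inventory:
        score, reasons = triage(app)
        if score >= threshold:
            flagged.append((app["package"], score, reasons))
    return sorted(flagged, key=lambda item: -item[1])

if __name__ == "__main__":
    for package, score, reasons in flag_apps(SAMPLE_INVENTORY):
        print(f"{package}: score {score}: " + "; ".join(reasons))
```

A legitimate device-management agent or SMS app scores below the threshold on its own; it is the combination of signals that gets an app flagged for manual review.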