How Android Banking Trojan Works
BankBot is mobile banking malware that looks like a simple app and once installed, allows users to watch funny videos, but in the background, the app can intercept SMS and display overlays to steal banking information. Mobile banking trojan often disguises itself as a plugin app, like Flash, or an adult content app, but this app made its way to Google Play Store by disguising itself as any other regular Android app. Once downloaded, the app persistently requests administrative rights, and if granted, the banking malware can control everything that's happening on an infected smartphone.
The BankBot springs into action when the victim opens any of the mobile apps from a pre-configured list of 425 banking apps. A complete list of banks a BankBot variant is currently imitating can be found on the blog post published by the researcher. Once one of the listed apps is opened, BankBot immediately displays an overlay, which is a page on the top of legitimate mobile banking app and tricks Android users entering their banking credentials into the overlay, just like a phishing attack. This will not only sends your banking credentials to your bank’s servers but also sends your financial credentials to the server controlled by fraudsters. This social engineering technique is often used by financially motivated criminals to deceive users into giving up their personal details and sensitive banking information to fraudsters.
How to protect yourself?
There are standard protection measures you need to follow to remain unaffected:
- Install a good antivirus app that can detect and block such malware before it can infect your device. Always keep the app up-to-date.
- Always stick to trusted sources, like Google play Store and the Apple App Store, and verify app permissions before installing apps. If any app is asking more than what it is meant for, just do not install it.
- Do not download apps from third party source. Although in this case, the app is being distributed through the official Play Store, most often such malware are distributed via untrusted third-party app stores.
- Avoid unknown and unsecured Wi-Fi hotspots and Keep your Wi-Fi turned OFF when not in use.
- Be careful which apps you give administrative rights to. Admin rights are powerful and can give an app full control of your device.
- Never click on links in SMS or MMS sent to your mobile phone. Even if the email looks legit, go directly to the website of origin and verify any possible updates.
Authored by - Hussain Ali Ladha
TCS Enterprise Security and Risk Management
Rate this article: