SafeUM
Home Blog Services Download Help About Recharge

Axarhöfði 14, 110 Reykjavik, Iceland

Iceland - 2015
SafeUM
Blog
Services
Download
Help
About
Recharge
Menu
Archive
TOP Security!
23 Jan 2017

Source code for another Android banking malware leaked

Another bad news for Android users — Source code for another Android banking malware has been leaked online via an underground hacking forum.

This newly discovered banking Trojan is designed to steal money from bank accounts of Android devices' owners by gaining administrator privileges on their smartphones.

Apparently, it will attract the attention of many cyber criminals who can recompile the source code or can also use it to develop more customized and advanced variants of Android banking Trojans. According to security researchers from Russian antivirus maker Dr. Web, the malware's source code was posted online, along with the information on how to use it, meaning Android devices are most likely to receive an increasing number of cyber attacks in upcoming days. Mobile banking Trojans: what they are and how to protect against them.

Leaked: Trojan Source Code + 'How to Use' Instructions

Dr. Web researchers said they have already discovered one banking trojan in the wild developed using this leaked source code, adding that the Trojan is distributed as popular apps either directly injected in APKs available online or in third-party app stores. Dubbed BankBot, the trojan has the ability to get administrator privileges on infected devices. Once it gets full privileges, the malware trojan removes the app's icon from the phone's home screen in order to trick victims into believing it was removed.

However, the BankBot trojan remains active in the background, waiting for commands from attacker's command and control (C&C) server. It found targeting only users of Russian banks. BankBot has the ability to perform a broad range of tasks, including send and intercept SMS messages, make calls, track devices, steal contacts, show phishing dialogs, and steal sensitive information, like banking and credit card details.

    "Like many other Android bankers, [BankBot] steals confidential user information by tracking the launch of online banking apps and payment system software. One sample examined by Doctor Web's security researchers controls over three dozen such programs," the researchers explains.

    "Once Android.BankBot.149.origin detects that any of the aforementioned applications have been launched, it loads the relevant phishing input form to access user bank account login and password information and displays it on top of the attacked application."

Why Should You Worry about BankBot?

The malware hides itself until the victim opens any mobile banking or social media app. Once the victim opens one such app, BankBot launches a phishing login overlays, tricking victims to re-authenticate or re-enter their payment card details. The collected data is then sent back to online servers, where the attackers can access the stolen data.

BankBot can phish credentials for apps including Facebook, WhatsApp, Instagram, Twitter, Youtube, Snapchat, Viber, WeChat, imo, Uber, and the Google Play Store. Besides this, the BankBot trojan can also intercept text messages, send them to the attackers, and then delete them from the victim's smartphone, which means bank notifications never reach the users.

How to Protect Yourself against such Attacks?

Now, this is just one piece of malware developed using the publicly available source code and discovered by researchers. There are chances that more such malware are out there targeting Android devices but not yet caught. To prevent yourself against such attacks, as I previously recommended, you are advised to:

  •     Always be super-careful when downloading APKs from third-party app stores. Go to Settings → Security and then Turn OFF "Allow installation of apps from sources other than the Play Store."
  •     Never open attachments from unknown or suspicious sources.
  •     Never click on links in SMS or MMS sent to your mobile phone. Even if the email looks legit, go directly to the website of origin and verify any possible updates.
  •     Always keep your Anti-virus app up-to-date.
  •     Keep your Wi-Fi turned OFF when not in use and Avoid unknown and unsecured Wi-Fi hotspots.
Tags:
Android information leaks
Source:
The Hacker News
2029
Other NEWS
3 Jul 2020 safeum news imgage An encrypted messaging service has been infiltrated by police
4 May 2020 safeum news imgage Two-Factor Authentication ​What Is It and Why You Should Use It
12 Dec 2019 safeum news imgage Encryption is under threat - this is how it affects you
4 Nov 2019 safeum news imgage Should Big Decisions Be Based on Data or Your Intuition?
7 Jun 2018 safeum news imgage VPNFilter malware infecting 500,000 devices is worse than we thought
4 Jun 2018 safeum news imgage Hackers target Booking.com in criminal bid to steal hundreds of thousands from customers
1 Jun 2018 safeum news imgage Operator of World's Top Internet Hub Sues German Spy Agency
30 May 2018 safeum news imgage US says North Korea behind malware attacks
29 May 2018 safeum news imgage Facebook and Google targeted as first GDPR complaints filed
25 May 2018 safeum news imgage A new reason to not buy these cheap Android devices
24 May 2018 safeum news imgage Flaws in smart pet devices, apps could come back to bite owners
23 May 2018 safeum news imgage Google sued for 'clandestine tracking' of 4.4m UK iPhone users' browsing data
21 May 2018 safeum news imgage LocationSmart reportedly leaked phone location data onto the web
18 May 2018 safeum news imgage The SEC created its own scammy ICO to teach investors a lesson
17 May 2018 safeum news imgage Thieves suck millions out of Mexican banks in transfer heist
All news
SafeUM
Confidential Terms of Use Our technologies Company
Follow us
Download
SafeUM © Safe Universal Messenger

Axarhöfði 14,
110 Reykjavik, Iceland

Iceland - 2015