Niels Croese, a security consultant, first came across the Android banking malware, whose source code went online earlier in 2017, in an app called Funny Videos 2017. A closer look revealed that as many as 5,000 users had installed the compromised app onto their devices. Croese said in a blog post: “To our surprise the list was more extensive than expected and for the first time contained some new Dutch targets including ABN, Rabobank, ASN, Regiobank, and Binck”.
The security expert wanted to analyse the malware, and discovered a list of all the apps BankBot was targeting. In total, that sample of the trojan had compromised more than 400 apps available for download on Google Play. For each of the apps it infected, BankBot used phishing overlays to steal users’ banking credentials and payment card details.
Google has since removed Funny Videos 2017 from its Play Store.
Every day we send out a free e-mail with the most important headlines of the last 24 hours.
Subscribe now