BankBot is a remotely controlled Android banking trojan capable of harvesting banking details using fake login forms for a number of apps, intercepting text messages in order to bypass two-factor authentication, and displaying unsolicited push notifications.
Misuse of Android Accessibility has been previously observed in a number of different trojans, mostly outside Google Play. Recent analyses from SfyLabs and Zscaler have confirmed that the crooks spreading BankBot managed to upload an app with the Accessibility-abusing functionality to Google Play, only without the banking malware payload.
The “complete puzzle” featuring the banking malware payload that managed to sneak into Google Play masqueraded as a game named Jewels Star Classic. The attackers misused the name of the popular legitimate game series Jewels Star, which is not connected to this malicious campaign.