BankBot trojan is back to Google Play

Wednesday 27 September 2017 13:59 CET | News

Android banking trojan BankBot has found its way to Google Play again with improved code obfuscation, a payload dropping functionality and an infection mechanism.

BankBot is a remotely controlled Android banking trojan capable of harvesting banking details using fake login forms for a number of apps, intercepting text messages in order to bypass 2-factor-authentication, and displaying unsolicited push notifications.

Misuse of Android Accessibility has been previously observed in a number of different trojans, mostly outside Google Play. Recent analyses from SfyLabs and Zscaler have confirmed that the crooks spreading BankBot managed to upload an app with the Accessibility-abusing functionality to Google Play, only without the banking malware payload.

The “complete puzzle” featuring the banking malware payload that managed to sneak into Google Play masqueraded as a game named Jewels Star Classic. The attackers misused the name of popular legitimate game series Jewels Star that is not connected to this malicious campaign.

Free Headlines in your E-mail

Every day we send out a free e-mail with the most important headlines of the last 24 hours.

Subscribe now

Keywords: Trojan, banking, cybercrime, cyber threats, Google Play, BankBot, malware
Categories: Securing Transactions | Digital Identity, Security & Online Fraud
Countries: World
This article is part of category

Securing Transactions