Android Malware Blocks Mobile Antivirus Apps from Launching

Jack

Jack

Administrator
Thread author
Verified
Staff Member
Well-known
Jan 24, 2011
9,378
One Android banking trojan has borrowed a trick from its desktop counterparts, and besides stealing login credentials from banking apps, this threat also sabotages mobile antivirus applications and prevents them from launching.

For the moment, this Android banking trojan is active only in Germany and targets the mobile apps of 15 German banks.

Discovered by malware analysts at Fortinet and tracked as Android/Banker.GT!tr.spy (Banker.GT for this article), this threat is your run-of-the-mill Android banking trojan.

The one feature that allows it to stand out is its ability to detect the presence of local mobile security applications and block them from starting. The list of Android security software includes the following apps:

Code: 
avg.antivirus
com.anhlt.antiviruspro
com.antivirus
com.antivirus.tabletcom.nqmobile.antivirus20
com.bitdefender.antivirus
com.cleanmaster.boost
com.cleanmaster.mguard
com.cleanmaster.mguard_x8
com.cleanmaster.sdk
com.cleanmaster.security
com.dianxinos.optimizer.duplay
com.drweb
com.duapps.antivirus
com.eset.ems.gp
com.eset.ems2.gp
com.kms.free
com.netqin.antivirus
com.nqmobile.antivirus20.clarobr
com.piriform.ccleaner
com.qihoo.security
com.qihoo.security.lite
com.referplish.VirusRemovalForAndroid
com.sonyericsson.mtp.extension.factoryreset
com.symantec.mobilesecurity
com.thegoldengoodapps.phone_cleaning_virus_free.cleaner.booster
com.trustlook.antivirus
com.womboidsystems.antivirus.security.android
com.zrgiu.antivirus
droiddudes.best.anitvirus
oem.antivirus
To be able to do this, when users install the app tainted with the Banker.GT trojan, the user must give it administrator rights.

Read more: Android Malware Blocks Mobile Antivirus Apps from Launching
 
  • Like
Reactions: ant_gamal, Venustus, ForgottenSeer 55474 and 12 others
T

tim one

Level 21
Verified
Honorary Member
Top Poster
Malware Hunter
Jul 31, 2014
1,086
This happens because in Android the termination of processes, and then of the antivirus is trivial thing with admin rights.
I use Zemana and it seems to be not present in the list :D But probably the list will be constantly updated by the malcoder.
 
  • Like
Reactions: ant_gamal, aragornnnn, Venustus and 9 others
T

tim one

Level 21
Verified
Honorary Member
Top Poster
Malware Hunter
Jul 31, 2014
1,086
ttto said:
I think Android malware is evolving very quickly. Although you can be fine without AV if you only install certain apps from Play Store, I found web protection very useful, that's the main reason I've one installed in my tablet. I saw Norton on the list:oops:. In my tablet is still launching though:p.
Click to expand...
I use Zemana Mobile Security and Adguard free version that offers a good web protection from ads and malversting that in my country are often the cause of click-trap paid subscriptions..:eek:
 
  • Like
Reactions: aragornnnn, Venustus, Deleted member 2913 and 6 others
Svoll

Svoll

Level 13
Verified
Top Poster
Well-known
Nov 17, 2016
627
Android or mobile malware is really evolving, I recall when i got my first android phone, there was no malware or virus programs available. Looking at the list, Hope malwarebytes doesn't show up on it. Thanks for an informative post OP.
 
  • Like
Reactions: DardiM, aragornnnn, Venustus and 4 others
Solarquest

Solarquest

Moderator
Verified
Staff Member
Malware Hunter
Well-known
Jul 22, 2014
2,525
I cannot imagine a smartphone nowadays without an AV...too many devices are not and cannot be updated and are too vulnerable.:mad:
AV and safe habits are the best, if not only, real defence...
I used Avast before and Kasperky right now, happy they are not on the list, yet..:)
 
  • Like
Reactions: DardiM, aragornnnn, jamescv7 and 5 others
jamescv7

jamescv7

Level 85
Verified
Honorary Member
Mar 15, 2011
13,070
You can have no any security programs installed, the concept of attacks in Android and Windows are different.

Remember that if you think worried for installing unknown sources then put an AV.
 
  • Like
Reactions: DardiM, bayasdev and aragornnnn
You must log in or register to reply here.

Similar threads

Gandalf_The_Grey
    • Like
    • Hundred Points
    • +Reputation
Malware News TrickMo malware steals Android PINs using fake lock screen
Replies
0
Views
1,268
Security News
Gandalf_The_Grey
Gandalf_The_Grey
Gandalf_The_Grey
    • Like
    • Wow
    • +Reputation
Malware News Over 200 malicious apps on Google Play downloaded millions of times
Replies
1
Views
1,187
Security News
Digmor Crusher
Digmor Crusher
MuzzMelbourne
    • Like
    • +Reputation
    • Wow
Anatsa Android trojan now steals banking info from users in US, UK
Replies
0
Views
1,022
News Archive
MuzzMelbourne
MuzzMelbourne

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top