- Apr 21, 2016
- 4,369
The BankBot Android banking Trojan is back, managing to bypass Google's security scans once more to reach the Play Store.
This particular banking trojan was first discovered back in January when the source code for an unnamed Android banking Trojan was dumped on an underground hacking forum. It didn't take long before that source code was picked up and turned into BankBot.
So far, it was used to target banks in Russia, the UK, Austria, Germany, and Turkey. Now, thanks to some tweaks in the code, the malware can disguise itself in order to avoid the Google security scanner. By April, three different BankBot campaigns had been detected and Google took down the infected apps.
Unfortunately, other apps appeared in their place. This time around, after Dr. Web and ESET detected their share of campaigns, it's time for Securify to step in. According to the Dutch security firm, two new BankBot campaigns have managed to bypass the security checks for the Play Store.
How does it work?
BankBot works by showing a fake login window on top of the legitimate banking app installed on a user's device. In short, BankBot can be used to steal login credentials for banking apps, which is, obviously, very bad. It can also be used to steal login details for other apps, including Facebook, YouTube, WhatsApp, Snapchat, Instagram, Twitter, and even the Google Play Store.
Read more: BankBot Malware Once More Hits Google Play
This particular banking trojan was first discovered back in January when the source code for an unnamed Android banking Trojan was dumped on an underground hacking forum. It didn't take long before that source code was picked up and turned into BankBot.
So far, it was used to target banks in Russia, the UK, Austria, Germany, and Turkey. Now, thanks to some tweaks in the code, the malware can disguise itself in order to avoid the Google security scanner. By April, three different BankBot campaigns had been detected and Google took down the infected apps.
Unfortunately, other apps appeared in their place. This time around, after Dr. Web and ESET detected their share of campaigns, it's time for Securify to step in. According to the Dutch security firm, two new BankBot campaigns have managed to bypass the security checks for the Play Store.
How does it work?
BankBot works by showing a fake login window on top of the legitimate banking app installed on a user's device. In short, BankBot can be used to steal login credentials for banking apps, which is, obviously, very bad. It can also be used to steal login details for other apps, including Facebook, YouTube, WhatsApp, Snapchat, Instagram, Twitter, and even the Google Play Store.
Read more: BankBot Malware Once More Hits Google Play
