Level 58
Content Creator
Malware Hunter
The BianLian banking Trojan has been upgraded with two new modules designed to record the screens of infected Android devices and to create a SSH server for camouflaging its communication channels.

While BianLian was initially developed as a lowly dropper designed to be a transport conduit for more capable Android malware as observed by ThreatFabric's researchers during 2018, its developers eventually added several new modules that converted it into a banking Trojan.

The extra components allow the malware to send text messages, to run arbitrary USSD codes, to lock the screens of compromised devices, and to inject push notifications and perform overlay attacks that enable it to steal banking credentials.

FortiGuard Labs researchers have now discovered yet another BianLian sample that has been further upgraded by its masters, distributed in the form of a heavily obfuscated APK that relies "on generating a variety of random functions to hide the real functionalities of the sample."