Friday, May 9, 2025
HomeTorjan Horses/wormsDangerous Android Banking Trojan Control Mobile Devices and Steals Confidential Bank Customers...

Dangerous Android Banking Trojan Control Mobile Devices and Steals Confidential Bank Customers Information

Published on

SIEM as a Service

Follow Us on Google News

New Banking Trojan Discovered that named Android.BankBot.211.Origin controls the Mobile Devices and steals confidential bank customer information by using accessibility  services.

This Banking Trojan forced Victims to grant the access to install into their Mobile and it Distributed through Well known applications such as Adobe Flash Player.

Once successfully installed  and launches the Trojan, the banker tries to gain access to the Accessibility Service.

- Advertisement - Google News

Trojan keep Displays in Windows with a a request that “reappears at every attempt to close it” which make the device doesn’t allow to used it by the Victim.

Initial Target was Attempted to Turkish Bank and later on the list was expanded to include residents of other countries, including Germany, Australia, Poland, France, the United Kingdom, and the USA.

Control over Accessibility services

Accessibility services helps to user to disables the program which not in used by the users such as buttons in dialog boxes.

Also Read Vault 7 Leaks: CIA Owned PoC Malware Development Surveillance Projects 

This Trojan forced the user to allow the Malicious Program that independently adding into the administrator access list.

According to  Dr.Web, Android.BankBot.211.origin establishes itself as the default message manager and gains access to the screen capture function. All these actions are accompanied by a display of system requests that can be overlooked entirely because the malicious program immediately confirms them.

If users tried to disable the Android.BankBot.211.origin program, soon it returns to Previous system Menu.

Fraudulent windows Android.BankBot.211.origin

Once the infection has successfully completed, it will be connected to the command and control server and wait for the further instructions to steal the information from the Victims.

This Trojan has the Ability to attack any Applications and Malware authors update their access configuration files for the list of targeted programs.

Attacker received the list Once C&C sever connection successfully obtained.

According to Dr.Web  After successful infection it can able to Perform the following  Actions.

  • Send an SMS containing a specific text to the number specified in the command;
  • Send to the server SMS data stored in the device memory;
  • Forward to the server information about the installed applications, the contact list, and phone call data;
  • Open the link specified in a command;
  • Change the address of the command center.

Also Read Vulnerability Bad Taste Affects Linux Machine via Windows MSI Files

Latest articles

Hackers Weaponizing Facebook Ads to Deploy Multi-Stage Malware Attacks

A persistent and highly sophisticated malvertising campaign on Facebook has been uncovered by Bitdefender...

Threat Actors Target Job Seekers with Three New Unique Adversaries

Netcraft has uncovered a sharp rise in recruitment scams in 2024, driven by three...

Scattered Spider Malware Targets Klaviyo, HubSpot, and Pure Storage Platforms

Silent Push researchers have identified that the notorious hacker collective Scattered Spider, also known...

Chinese Hackers Exploit SAP RCE Vulnerability to Deploy Supershell Backdoors

A critical remote code execution (RCE) vulnerability, identified as CVE-2025-31324, in SAP NetWeaver Visual...

Resilience at Scale

Why Application Security is Non-Negotiable

The resilience of your digital infrastructure directly impacts your ability to scale. And yet, application security remains a critical weak link for most organizations.

Application Security is no longer just a defensive play—it’s the cornerstone of cyber resilience and sustainable growth. In this webinar, Karthik Krishnamoorthy (CTO of Indusface) and Phani Deepak Akella (VP of Marketing – Indusface), will share how AI-powered application security can help organizations build resilience by

Discussion points


Protecting at internet scale using AI and behavioral-based DDoS & bot mitigation.
Autonomously discovering external assets and remediating vulnerabilities within 72 hours, enabling secure, confident scaling.
Ensuring 100% application availability through platforms architected for failure resilience.
Eliminating silos with real-time correlation between attack surface and active threats for rapid, accurate mitigation

More like this

MnuBot – New Banking Trojan Take Browsers Screenshots, Keylogging to Steal Bank Data

Newly discovered banking Trojan named MnuBot malware spreading to steal the sensitive bank related...

New Banking Trojan IcedID Evade Sandboxes and Performing Web Injection Attacks

A New Banking Trojan dubbed IcedID discovered that capable of performing some dangerous web-based...

Silence Trojan Targeting Financial Institutions Recording day to day activity on Bank Employees’ PCs

Security experts from Kaspersky lab discovered a new trojan dubbed Silence trojan that targeting Financial...