Thursday, July 25, 2024
EHA

Dangerous Android Banking Trojan Control Mobile Devices and Steals Confidential Bank Customers Information

New Banking Trojan Discovered that named Android.BankBot.211.Origin controls the Mobile Devices and steals confidential bank customer information by using accessibility  services.

This Banking Trojan forced Victims to grant the access to install into their Mobile and it Distributed through Well known applications such as Adobe Flash Player.

Once successfully installed  and launches the Trojan, the banker tries to gain access to the Accessibility Service.

Trojan keep Displays in Windows with a a request that “reappears at every attempt to close it” which make the device doesn’t allow to used it by the Victim.

Initial Target was Attempted to Turkish Bank and later on the list was expanded to include residents of other countries, including Germany, Australia, Poland, France, the United Kingdom, and the USA.

Control over Accessibility services

Accessibility services helps to user to disables the program which not in used by the users such as buttons in dialog boxes.

Also Read Vault 7 Leaks: CIA Owned PoC Malware Development Surveillance Projects 

This Trojan forced the user to allow the Malicious Program that independently adding into the administrator access list.

According to  Dr.Web, Android.BankBot.211.origin establishes itself as the default message manager and gains access to the screen capture function. All these actions are accompanied by a display of system requests that can be overlooked entirely because the malicious program immediately confirms them.

If users tried to disable the Android.BankBot.211.origin program, soon it returns to Previous system Menu.

Fraudulent windows Android.BankBot.211.origin

Once the infection has successfully completed, it will be connected to the command and control server and wait for the further instructions to steal the information from the Victims.

This Trojan has the Ability to attack any Applications and Malware authors update their access configuration files for the list of targeted programs.

Attacker received the list Once C&C sever connection successfully obtained.

According to Dr.Web  After successful infection it can able to Perform the following  Actions.

  • Send an SMS containing a specific text to the number specified in the command;
  • Send to the server SMS data stored in the device memory;
  • Forward to the server information about the installed applications, the contact list, and phone call data;
  • Open the link specified in a command;
  • Change the address of the command center.

Also Read Vulnerability Bad Taste Affects Linux Machine via Windows MSI Files

Website

Latest articles

ShadowRoot Ransomware Attacking Organizations With Weaponized PDF Documents

A rudimentary ransomware targets Turkish businesses through phishing emails with ".ru" domain sender addresses....

BreachForumsV1 Database Leaked: Private messages, Emails & IP Exposed

BreachForumsV1, a notorious online platform for facilitating illegal activities, has reportedly suffered a massive...

250 Million Hamster Kombat Players Targeted Via Android And Windows Malware

Despite having simple gameplay, the new Telegram clicker game Hamster Kombat has become very...

Beware Of Malicious Python Packages That Steal Users Sensitive Data

Malicious Python packages uploaded by "dsfsdfds" to PyPI infiltrated user systems by exfiltrating sensitive...

Chinese Hackers Using Shared Framework To Create Multi-Platform Malware

Shared frameworks are often prone to hackers' abuses as they have been built into...

BlueStacks Emulator For Windows Flaw Exposes Millions Of Gamers To Attack

A significant vulnerability was discovered in BlueStacks, the world's fastest Android emulator and cloud...

Google Chrome 127 Released with a fix for 24 Security Vulnerabilities

Google has unveiled the latest version of its Chrome browser, Chrome 127, which is...

Free Webinar

Low Rate DDoS Attack

9 of 10 sites on the AppTrana network have faced a DDoS attack in the last 30 days.
Some DDoS attacks could readily be blocked by rate-limiting, IP reputation checks and other basic mitigation methods.
More than 50% of the DDoS attacks are employing botnets to send slow DDoS attacks where millions of IPs are being employed to send one or two requests per minute..
Key takeaways include:

  • The mechanics of a low-DDoS attack
  • Fundamentals of behavioural AI and rate-limiting
  • Surgical mitigation actions to minimize false positives
  • Role of managed services in DDoS monitoring

Related Articles