Researchers discovered a new Android malware called “BasBanke” that targets Brazilian users to steal sensitive financial data such as credentials and credit/debit card numbers.

BasBanke has been infecting users continuously since the 2018 Brazilian elections, using various malicious apps that have been downloaded over 10,000 times from the Google Play Store to date.

The malware authors abuse advertising on Facebook and WhatsApp to trick users into downloading the malware and to perform various other attacks, including keystroke logging, screen recording, and SMS interception.

The advertising campaign URLs pointed either to the official Google Play Store or to another website where the attackers trick users into downloading a malicious APK.

In this case, CleanDroid is one of the widespread malicious apps; it was advertised on Facebook, with the download link pointing to the Google Play Store.

“This fake application promises to protect the victim’s device against viruses, to optimize memory space, and to save data when using a 3G or 4G connection. In reality, it is a banking Malware.”

Malicious Play Store Apps

The malicious Android apps hosted in the Google Play Store posed as applications with supposed functionality such as a secure QR reader, a fake app for a real travel agency with travel deals, and, implementing a well-known trick, an application to “see who visited your profile.”

The targets include Brazilian financial institutions and other popular websites such as Spotify, YouTube, and Netflix, with the attackers focusing significantly on banking applications.

According to Kaspersky research, “We have previously found a few malicious campaigns similar to this but with significantly reduced distribution when compared to BasBanke. Another difference is that BasBanke uses Facebook and WhatsApp as a mass distribution vector.”

Once they convince the targeted users, the malicious apps collect metadata such as the device name, IMEI, and telephone number and send it back to the attacker via a C2 server.


