New Android Malware “BasBanke” Steals Financial Data Such as Credentials & Credit/Debit Card Numbers

Researchers have discovered a new Android malware called “BasBanke” that targets Brazilian users and steals sensitive financial data such as credentials and credit/debit card numbers.

BasBanke has been infecting users continuously since the 2018 Brazilian elections through various malicious apps, which have been downloaded more than 10,000 times from the Google Play Store to date.

The malware authors abuse advertising on Facebook and WhatsApp to trick users into downloading the malware, which then carries out further attacks including keystroke logging, screen recording, and SMS interception.

The advertising campaign's URL points either to the official Google Play Store or to another website where the attackers trick users into installing a malicious APK.

One of the most widely distributed of these malicious apps, called CleanDroid, was advertised on Facebook with a download link pointing to the Google Play Store.

“This fake application promises to protect the victim’s device against viruses, to optimize memory space, and to save data when using a 3G or 4G connection. In reality, it is a banking malware.”

Malicious Play Store Apps

The malicious Android apps hosted in the Google Play Store posed as applications with supposed functionality such as a secure QR reader, a fake app for a real travel agency offering travel deals, and, using a well-known trick, an app to “see who visited your profile.”

The malware's targets include Brazilian financial institutions and other popular services such as Spotify, YouTube, and Netflix, although the attackers focus mainly on banking applications.

According to Kaspersky research, “We have previously found a few malicious campaigns similar to this but with significantly reduced distribution when compared to BasBanke. Another difference is that BasBanke uses Facebook and WhatsApp as a mass distribution vector.”

Once the targeted users have been convinced to install them, the malicious apps collect metadata such as the device name, IMEI, and telephone number and send it back to the attacker's C2 server.
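The capabilities described above (SMS interception, reading the IMEI and phone number, keystroke logging, and overlay-style phishing) each require specific Android permissions or service bindings, which makes a decoded AndroidManifest.xml a quick first triage point for an analyst. The following is an added example written for this article, not code from the article or from Kaspersky: it parses a manifest, collects the declared permissions (including the permission a service is guarded by, which is how accessibility services are bound), and reports which of those capability groups the app could implement. The mapping from capability to permission is my own assumption about what such behaviour needs, not a description of BasBanke's actual manifest, and the two manifests are constructed samples.

```python
from __future__ import annotations

import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
ANDROID_NAME = f"{{{ANDROID_NS}}}name"
ANDROID_PERMISSION = f"{{{ANDROID_NS}}}permission"

# Assumed mapping (mine, not from the article) from the behaviours the
# article attributes to BasBanke to the permissions or service bindings an
# Android app needs in order to implement them.
CAPABILITY_INDICATORS: dict[str, set[str]] = {
    "sms_interception": {"android.permission.RECEIVE_SMS",
                         "android.permission.READ_SMS"},
    "device_identity": {"android.permission.READ_PHONE_STATE",
                        "android.permission.READ_PHONE_NUMBERS"},
    "keystroke_logging": {"android.permission.BIND_ACCESSIBILITY_SERVICE"},
    "overlay_phishing": {"android.permission.SYSTEM_ALERT_WINDOW"},
}

# Constructed manifest of a hypothetical "cleaner" app (package name invented).
SUSPICIOUS_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.cleaner">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.SYSTEM_ALERT_WINDOW"/>
  <application android:label="Cleaner">
    <service android:name=".KeyService"
             android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE">
      <intent-filter>
        <action android:name="android.accessibilityservice.AccessibilityService"/>
      </intent-filter>
    </service>
  </application>
</manifest>
"""

# Constructed manifest of an app that only needs network access.
BENIGN_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.notes">
  <uses-permission android:name="android.permission.INTERNET"/>
  <application android:label="Notes"/>
</manifest>
"""


def extract_permissions(manifest_xml: str) -> set[str]:
    """Return every <uses-permission> name plus the permission any declared
    <service> is guarded by (accessibility services are bound that way)."""
    root = ET.fromstring(manifest_xml)
    found = {node.get(ANDROID_NAME) for node in root.iter("uses-permission")}
    found |= {svc.get(ANDROID_PERMISSION) for svc in root.iter("service")}
    found.discard(None)
    return found


def triage(manifest_xml: str) -> dict[str, list[str]]:
    """Map each capability group to the indicator permissions actually present."""
    perms = extract_permissions(manifest_xml)
    return {
        capability: sorted(perms & indicators)
        for capability, indicators in CAPABILITY_INDICATORS.items()
        if perms & indicators
    }


def report(manifest_xml: str) -> str:
    """Human-readable summary; a hit is a reason to look closer, not a verdict."""
    findings = triage(manifest_xml)
    if not findings:
        return "no high-risk capability indicators declared"
    lines = [f"{len(findings)} capability indicator group(s) declared:"]
    for capability, perms in findings.items():
        lines.append(f"  {capability}: {', '.join(perms)}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(SUSPICIOUS_MANIFEST))
    print(report(BENIGN_MANIFEST))
```

The manifest inside a shipped APK is binary XML, so run this over the decoded manifest produced by a tool such as apktool. A legitimate SMS or accessibility app will trigger some of these groups too; the value is in the combination (SMS plus phone identity plus overlay plus accessibility) appearing in an app that advertises itself as a cleaner or data saver, which is exactly the mismatch between claimed and actual functionality the article describes.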

IOC

Hashes
00de6f665a41be232a4df975944a2580
0f455547228459c65044845671c9de83
5ff98c27c34ec90c82bb46c28453e3e0
41301a295044410c41d547e6abc9a1a9
e1dfeee5bb82b27c5866da16063aa833
1aa0a4992168953a631a625ab181e236
11edce35dad85f3e188bfd13b718d19c
79cf391a3ae2477cd804c68850dba80d
6938b27cdbc5ac5e98fd2a34bde034a6
7e1bb73f514b6af7be16ab5bcb0efa5e
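The ten hashes above are the usual first thing a defender operationalizes: hashing APKs already on a device, in a mail gateway quarantine, or in an app repository and comparing them against the list. The following is an added example written for this article, not code from the article or from Kaspersky. It embeds the published hashes, streams files through MD5 (the hashes are 32 hex digits, which is MD5 length; treating them as MD5 is my assumption), and walks a directory for matches. The sample files it creates are constructed and will not match any indicator, which is the expected result for clean input.

```python
import hashlib
import tempfile
from pathlib import Path

# The ten hashes listed under "IOC" in the article, normalized to lowercase.
BASBANKE_HASHES = frozenset({
    "00de6f665a41be232a4df975944a2580",
    "0f455547228459c65044845671c9de83",
    "5ff98c27c34ec90c82bb46c28453e3e0",
    "41301a295044410c41d547e6abc9a1a9",
    "e1dfeee5bb82b27c5866da16063aa833",
    "1aa0a4992168953a631a625ab181e236",
    "11edce35dad85f3e188bfd13b718d19c",
    "79cf391a3ae2477cd804c68850dba80d",
    "6938b27cdbc5ac5e98fd2a34bde034a6",
    "7e1bb73f514b6af7be16ab5bcb0efa5e",
})


def md5_of_file(path, chunk_size=1 << 20):
    """Stream the file through MD5 so large APKs are not loaded into memory at once."""
    digest = hashlib.md5()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk_size), b""):
            digest.update(block)
    return digest.hexdigest()


def is_known_hash(hexdigest, iocs=BASBANKE_HASHES):
    """Case- and whitespace-insensitive membership test against the IoC set."""
    return hexdigest.strip().lower() in iocs


def scan_directory(root, iocs=BASBANKE_HASHES, suffixes=(".apk",)):
    """Hash every file with a matching suffix under root; return (path, md5) hits."""
    hits = []
    for path in sorted(Path(root).rglob("*")):
        if path.is_file() and path.suffix.lower() in suffixes:
            digest = md5_of_file(path)
            if digest in iocs:
                hits.append((str(path), digest))
    return hits


def demo():
    """Constructed sample directory: one APK-named file containing b"hello".
    Returns (hits, digest_of_sample); hits is empty because the content is
    not one of the published indicators."""
    with tempfile.TemporaryDirectory() as tmp:
        sample = Path(tmp) / "CleanDroid.apk"   # file name is constructed
        sample.write_bytes(b"hello")
        return scan_directory(tmp), md5_of_file(sample)


if __name__ == "__main__":
    hits, digest = demo()
    print(f"sample digest {digest}; {len(hits)} IoC match(es)")
```

Exact-hash matching only catches these specific samples; a repacked or re-signed build of the same malware produces a different digest, so treat a clean result as "none of the known samples" rather than "no BasBanke," and pair this check with the permission-based triage and the ad-driven distribution pattern described earlier.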


Balaji

BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.
