According to Dr.Web, once this malware reaches an Android device, it forces the user to grant it administrator privileges and also deletes its icon from the home screen.
BankBot specifically targets users in the UK, Austria, Germany, and Turkey, especially bank customers.
A few weeks earlier, injected banking malware was discovered in the Google Play Store. It appeared to be an ordinary application with embedded malware.
Avoiding detection by Google’s security scans:
The malware authors improved BankBot's code so that it avoids detection by Google's security scans.
This sophisticated code makes the malware behave like a non-malicious application when a scanner tries to detect it.
Fraudulent authentication form to gain access:
According to Dr.Web security researchers, “Information on found matches is sent to the C&C server. The Trojan receives a list of files to be monitored from execution.” After one of them is launched, Android.BankBot.149.origin displays WebView on top of the attacked application with a fraudulent authentication form to access the user account. Then the entered information is sent to the server.
Android.BankBot.149.origin also tries to steal bank card information. According to Dr.Web, to do that, it tracks the launch of the following programs:
- WhatsApp – com.whatsapp;
- Play Store – com.android.vending;
- Messenger – com.facebook.orca;
- Facebook – com.facebook.katana;
- WeChat – com.tencent.mm;
- YouTube – com.google.android.youtube;
- Uber – com.ubercab;
- Viber – com.viber.voip;
- Snapchat – com.snapchat.android;
- Instagram – com.instagram.android;
- imo – com.imo.android.imoim;
- Twitter – com.twitter.android.
After the launch of one of these applications, the Trojan presents the user with a Google Play purchase form. Researchers said that when an SMS message arrives, the Trojan turns off all sounds and vibrations, sends the message content to the cybercriminals, and attempts to delete the original messages from the list of incoming SMS messages to hide them from the user.
BankBot can steal login credentials for more than banking applications. Previous versions were also able to steal login details for apps such as Facebook, Viber, YouTube, WhatsApp, Uber, Snapchat, WeChat, IMO, Instagram, Twitter, and the Google Play Store.
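The behaviours described in this article (administrator privilege, a removed home-screen icon, SMS interception, a form drawn over other apps, tracking of app launches) can be combined into a triage check over a device's app inventory. The following is an added example, not code from Dr.Web or from the original article; the inventory field names, the sample package names and the mapping of each behaviour to an Android permission are assumptions.

```python
# Added example: behavioural triage over a constructed app inventory.
# Field names and the behaviour-to-permission mapping are assumptions.
SMS_PERMS = {"android.permission.RECEIVE_SMS", "android.permission.READ_SMS"}
OVERLAY_PERMS = {"android.permission.SYSTEM_ALERT_WINDOW"}
USAGE_PERMS = {"android.permission.PACKAGE_USAGE_STATS", "android.permission.GET_TASKS"}

def indicators(app):
    """Return the behaviours from the article that this app record matches."""
    perms = set(app.get("permissions", []))
    hits = []
    if app.get("device_admin"):
        hits.append("device_admin")
    if not app.get("has_launcher_icon", True):
        hits.append("hidden_icon")
    if perms & SMS_PERMS:
        hits.append("sms_access")
    if perms & OVERLAY_PERMS:
        hits.append("overlay")
    if perms & USAGE_PERMS:
        hits.append("app_launch_tracking")
    return hits

def triage(inventory, threshold=3):
    """Flag user-installed apps with admin + hidden icon, or >= threshold indicators."""
    flagged = []
    for app in inventory:
        if app.get("system_app"):
            continue  # preinstalled components legitimately have no launcher icon
        hits = indicators(app)
        strong = {"device_admin", "hidden_icon"} <= set(hits)
        if strong or len(hits) >= threshold:
            flagged.append((app["package"], hits))
    return sorted(flagged, key=lambda item: -len(item[1]))

# Constructed sample inventory (package names are made up for this example).
SAMPLE = [
    {"package": "com.example.flashlight", "device_admin": True, "has_launcher_icon": False,
     "permissions": ["android.permission.RECEIVE_SMS", "android.permission.SYSTEM_ALERT_WINDOW"]},
    {"package": "com.example.mdmagent", "device_admin": True, "has_launcher_icon": True,
     "permissions": []},
    {"package": "com.example.smsbackup", "device_admin": False, "has_launcher_icon": True,
     "permissions": ["android.permission.READ_SMS", "android.permission.RECEIVE_SMS"]},
    {"package": "com.example.keyboardservice", "system_app": True, "device_admin": False,
     "has_launcher_icon": False, "permissions": []},
]

if __name__ == "__main__":
    for package, hits in triage(SAMPLE):
        print(package, hits)
```

Only the first sample app is flagged: a legitimate management agent with a visible icon and an SMS backup tool without administrator rights each match a single indicator and stay below the threshold.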