Sophisticated Android Based Banking Trojan “BankBot” Reach Play Store Which Avoid Detection by Google Security Scanner

[jpshare]Specifically Target to infect  Android  Trojan entered into Google Play store which give more pain to Google Security team to find this  malware “Android.BankBot.149.origin” .

According to the Dr.Web Once this Malware Reached to the Android  Device , it force to user and grant the Admin privilege  and also Delete the Icon in the Home Screen.

Bank Bot Malware Specifically Target Users belongs to UK, Austria, Germany, and Turkey ,especially  Bank Customers.

Few Week Before Injected Banking malware discover in Google play store.  it appeared like an ordinary application with embedded malware.

Avoid Detection by Google’s security scans:

Malware Authors improves the codes of the BankBot Malware which Avoid detection by Google Security Scans .

Based on the Sophisticated  Malware codes act as a non-malicious Application when Scanner trying to Detect them.

Fraudulent authentication To Access:

According to the Dr.Web Security Researchers , “Information on found matches is sent to the C&C server. The Trojan receives a list of files to be monitored from execution.”

After one of them is launched, Android.BankBot.149.origin displays WebView on top of the attacked application with a fraudulent authentication form to access the user account. Then the entered information is sent to the server.

Android.BankBot.149.origin also tries to steal bank card information. According to Dr.Web, To do that, it tracks launch of the following programs

• WhatsApp (com.whatsapp);
• Play Store – com.android.vending;
• Messenger – com.facebook.orca;
• Facebook – com.facebook.katana;
• WeChat – com.tencent.mm;
• Youtube – com.google.android.youtube;
• Uber – com.ubercab;
• Viber – com.viber.voip;
• Snapchat – com.snapchat.android;
• Instagram – com.instagram.android;
• imo – com.imo.android.imoim;
• Twitter – com.twitter.android.

After the launch of one of these applications,these Trojan makes to Purchase form google Play to the Users.

Researchers Said ,When an SMS message arrives, the Trojan turns off all sounds and vibrations, sends the message content to the cybercriminals, and attempts to delete the original messages from the list of incoming SMS messages to hide them from the user.

BankBot can steal login credentials for more than banking applications. Previous  versions were also able to steal login details for apps such as Facebook, Viber, Youtube, WhatsApp, Uber, Snapchat, WeChat, IMO, Instagram, Twitter, and the Google Play Store..

Also Read:

• Many New Apps Injected with Banking Malware found in Google Play Store
• Mobile spyware that steal Twitter credentials uses sandbox to Evade antivirus detections
• Google strengthen it’s defence against Ransomware to Attack Android