Tuesday, 21 November 2017
One comments

New Banking Malware Spreads in Flashlight and Solitaire Apps

New Banking Malware Spreads in Flashlight and Solitaire Apps


New Banking Malware Spreads in Flashlight and Solitaire Apps


BankBot, a new Banking Malware found by cybersecurity researchers. Discovered by the joint operation of security researchers at Avast, ESET and SfyLabs in Google play store. 


BankBot malware was first found in 2008 targeting third-party websites. But later it was discovered in Google play store in 2014 which infected lots of Android Apps.


How it's Working?


Once Malware was installed on the device, it will check bank apps on your mobile device. Once its found one of the Bank apps available, BankBot will connect to its C&C server and upload the targets package name and label., according to report TrendMicro The C&C server will send a URL to BankBot so it can download the library that contains files used for the overlay webpage and displayed on the top of the legitimate banking App and used to steal users credentials.


BankBot app asks your banking details twice after it will send stolen data to its Server. When you used to open your Bank App it will display an overlay webpage on top of the banking application then its behave fake version of Banking apps and gets administrator privileges before removing the app icon. Victims thought its genuine banking app but it's not and the user enters into a fake app.


The Apps work in the backend, to collect private information like SMS, Credit card numbers, CVC and more. Also, it's able to collect phone information such as IMEI number, Mobile device model, OS version and send it to attacker server.



Affected Apps



Avast spotted first sample in OCT 2017, it was hidden in the “Tornado FlashLight” (com.andrtorn.app) and later appeared in the “Lamp For DarkNess” and “Sea FlashLight” apps. In late October and November, a smartphone cleaning app and multiple Solitaire gaming apps appeared with the malware embedded, for the aforementioned second campaign.



BankBot Malware was found in famous apps like Flashlight and Solitaire. Solitaire apps have targeted 131 banks customers worldwide including Citibank, Suncorp, ICICI, Noris, and Skrill payment system too.


How to Prevent?

  • Do not allow 'Unknown Sources' to install a malicious app.
  • Use Mobile Antivirus, Anti-malware App to protect your mobile devices.
  • Never click on unknown app link.
  • Do not give administrator permission to your apps.
  • Always download "Verified by Play Protect" Apps.
  • Keep Mobile backup always.

1 comments:


  1. Confront your cheating spouse with evidence, I was able to spy on my cheating ex phone without finding out.....it really helped me.. contact hotcyberlord at gmail dot com or call and text +1 5402277725 for spying and hacking social networks, school servers, icloud and much more, viber chats hack,retrieving deleted texts of any kind. Facebook messages and yahoo messenger, calls log and spy call recording, monitoring SMS text messages remotely, cell phone GPS location tracking, spy on Whats app Messages.
    Email: hotcyberlord at gmail dot com
    text num:+15402277725
    what's app:+254797118868
    tell him jane referred you.

    ReplyDelete

 
Toggle Footer
Top