BankBot – A Dangerous Android Trojan
Android smartphones are much in demand as users find it user-friendly and economical. 9 out of 10 users, use android phones as it is well known for its remarkable features and easy to use user-interface and most of all it is easily available to the users in all prices. With a hike in demand, hackers find it an easy source to target users through Google Play store apps with an attempt to extract confidential online financial and personal details in return for monetary benefits.
Furthermore, it’s expected that individuals in the UK and the US are being focused by malware attacks.
BankBot which took its form in April 2008, have attacked over 400 apps on the Google Play Store.
This malware was created with an intention to taint the android devices to gain administrative access and hence to remove the malicious app icon even before the users sees it.
It deceives the users by making them to think that the application that tainted their devices has been erased, however in undeniable reality it is as yet working out of sight.
BankBot functions to keep an eye on any SMS sent, and can likewise gather delicate credit and check card data.
This is done by making FAKE card passage screens, to trick the users by making the page look authentic and hence makes it convincing for them to share the card details..
By this way the users, in reality do not purchase anything but are tricked into sharing their most critical card information to the malware authors.
The malware is additionally equipped for making more fake screens – however this time it is developed for internet banking logins.
Antivirus experts from Russia, disclosed as to how BankBot operates to compromise the user’s device to extract the user’s banking credential.
Once the information is stolen, the hackers get access over the information through a C&C server.
The security experts have found that the trojan has been targeting users in Turkey, America, Australia, Poland, Germany, Poland and France.
The working of BankBot was well described in the Dr. Web’s Blog as “The Trojan also collects information about all launched applications and user’s actions performed within them.
“For example, it tracks available text fields, such as menu elements, and logs key strokes and other components of the user interface.
“Moreover, Android.BankBot.211.origin is capable of stealing login credentials and other authentication information input by users in any programs on any websites during authorization.
“To steal passwords, the Trojan takes a screenshot of every key stroke; as a result, it obtains the required sequence of characters before they are hidden.
“After that, the information input into the displayed fields and all the saved screenshots are sent to the command and control server.”
Here are some of the tips for the Android users to understand as to how to defend the such malicious attacks
- When a phone is infected, load it on a safe mode
- Check the list of system administrators through the system settings
- Identify the Trojan from the administrators’ list by checking their respective rights.
- Restart the system, ensure to run an antivirus scan to remove the Trojan completely.
Related Resources: