
New Android Malware Specializes in Extracting Financial Data

Posted: June 29, 2017

Hackers are again targeting Android users with a new form of banking malware that aims to steal not only financial data but also other types of data from infected mobile devices. The new malware was discovered by researchers from the cybersecurity company Dr Web, and it has already been flagged as "Android.BankBot.211.origin." The good news is that the researchers identified the new threat before it could land on the Google Play Store, injected into attractive new applications. The malware still spreads using the names of popular programs like Adobe Flash Player, though potential victims need to download the malicious APKs from other infected sources. That makes the infection relatively easy to avoid, as users only need to be careful not to download files from unknown links or third-party app stores.

The researchers claim that BankBot is mainly interested in stealing financial data from the infected phone, yet it has a broader range of capabilities that allow it to perform a number of other actions. The malware uses Android's accessibility service to take control of the target device. It does this by displaying a request form on the screen through which it makes itself the default message manager and adds itself to the device administrator list. Once it has finished its installation, BankBot is capable of sending SMS messages containing a specific text to numbers that belong to the hackers. This way the malware can extract data from any received text message and steal call details, contact lists, and information on installed applications. Furthermore, BankBot can steal passwords typed by the victim on various websites by taking screenshots.

BankBot can extract the victim's online banking data by displaying fake input forms for login credentials, as well as phishing dialogs asking for credit card details. The malware can also prevent the user from installing anti-malware applications on the infected device, thereby ensuring that all of its features will run properly. In addition, the hackers can easily update the configuration file with the list of targeted programs, so the malware can attack users of any application.

Researchers from Dr Web claim that BankBot initially targeted only Android devices in Turkey; later, however, the list of targeted countries expanded substantially to include France, Germany, the US, and the UK. While it is relatively easy to avoid downloading the malicious APKs of BankBot, removing it could be tricky. You can clear the malware from your Android device only in "safe mode," where you need to delete its entry from the device's administrator list. After that, researchers recommend running an antivirus tool that already detects this particular infection.
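As an added triage example (not code from Dr Web or from this article), the Python sketch below cross-references the three privileges described above, accessibility service, default SMS handler and device administrator, and ranks packages by how many they hold. The package names and sample outputs are constructed, and the `dumpsys device_policy` layout is an assumption that varies by Android version.

```python
import re
from collections import defaultdict

# Constructed sample outputs (not captured from a real device). Assumed sources:
#   adb shell settings get secure enabled_accessibility_services
#   adb shell settings get secure sms_default_application
#   adb shell dumpsys device_policy   (layout varies by Android version)
SAMPLE_ACCESSIBILITY = (
    "com.example.fakeflash/com.example.fakeflash.Svc:"
    "com.google.android.marvin.talkback/.TalkBackService"
)
SAMPLE_DEFAULT_SMS = "com.example.fakeflash\n"
SAMPLE_DEVICE_POLICY = """\
Enabled Device Admins (User 0, provisioningState: 0):
  com.example.fakeflash/.AdminReceiver:
    uid=10123
  com.example.mdm/.PolicyReceiver:
    uid=10077
"""

# Matches a flattened component name such as com.pkg/.Receiver
COMPONENT = re.compile(r"([A-Za-z][\w.]*)/[\w.$]+")

def packages_in(text):
    """Return the package names of every pkg/class component found in text."""
    return {m.group(1) for m in COMPONENT.finditer(text)}

def triage(accessibility, default_sms, device_policy):
    """Map each package to the sensitive roles it holds, most roles first."""
    roles = defaultdict(set)
    for pkg in packages_in(accessibility):
        roles[pkg].add("accessibility_service")
    for pkg in packages_in(device_policy):
        roles[pkg].add("device_admin")
    sms = default_sms.strip()
    if sms and sms != "null":  # `settings get` prints "null" when unset
        roles[sms].add("default_sms")
    ranked = sorted(roles.items(), key=lambda kv: (-len(kv[1]), kv[0]))
    return [(pkg, sorted(r)) for pkg, r in ranked]

def suspects(report):
    """Packages holding all three roles; review these first."""
    return [pkg for pkg, r in report if len(r) == 3]

if __name__ == "__main__":
    report = triage(SAMPLE_ACCESSIBILITY, SAMPLE_DEFAULT_SMS, SAMPLE_DEVICE_POLICY)
    for pkg, r in report:
        print(f"{pkg:40} {', '.join(r)}")
    print("review first:", suspects(report))
```

A legitimate screen reader or MDM agent will normally hold one of these roles; a single unfamiliar package holding all three matches the behaviour described in this article and is the one to inspect from safe mode.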
