
BianLian

Posted: July 4, 2019

BianLian is a family of Trojan droppers and banking Trojans that can drop other threats onto the system and collect information, with an emphasis on bank account-based attacks. The latest members of this family, as of 2019, stress the data-collecting aspects of the payload, as well as some anti-analysis defenses. Users should keep their anti-malware programs updated so that they detect and delete BianLian as soon as possible.

Real Trojans Hiding under Seven Rubbish Types

The existence of the BianLian family of Trojans is a well-established fact among security researchers, ever since a Google Play store-compromising campaign in 2018. Trojans don't stand still, however, and malware researchers can confirm new updates to BianLian that expand both its defensive and offensive possibilities. The threat is primarily a concern for smartphone users, since it compromises Android environments.

The oddest trait in the newest version of BianLian is its obfuscation. While most Trojans include different ways of hiding or confusing their code from analysis tools, BianLian does so with the creative means of generating fake classes, packages, and functions filled with 'garbage' data. The ratio of junk to genuine code is roughly seven to one. One other threat, the Anubis Trojan (another Android banking Trojan), is known to use the same technique, which makes a link between the two campaigns increasingly likely.
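As an added illustration (not code from the original page or from any analysis of BianLian itself), the following Python script shows one triage heuristic a defender can apply to the junk-padding pattern described above: build a class-reference graph from a decompiled APK's class listing, compute what is reachable from the manifest-declared entry points, and compare the dead-to-live ratio with a cutoff. The graph, class names, entry points and the threshold value are all constructed assumptions.

```python
"""Triage heuristic for junk-class padding: how much of an app's code is
unreachable from its declared entry points? Graph and names are constructed
for illustration; they are not taken from a BianLian sample."""
from collections import deque

# Constructed class-reference graph: class name -> classes it references.
# In practice this would come from a decompiler's class listing.
SAMPLE_GRAPH = {
    "com.app.MainActivity": {"com.app.net.Uploader", "com.app.ui.Overlay"},
    "com.app.net.Uploader": {"com.app.util.Crypto"},
    "com.app.ui.Overlay": set(),
    "com.app.util.Crypto": set(),
}
# Constructed junk: 28 generated classes that only reference each other and
# are never reached from an entry point (7:1 against the 4 live classes).
for _i in range(28):
    SAMPLE_GRAPH[f"a.b.c.Q{_i}"] = {f"a.b.c.Q{(_i + 1) % 28}"}

# Assumed entry points: the components declared in the manifest.
SAMPLE_ENTRY_POINTS = ["com.app.MainActivity"]


def reachable_classes(graph, entry_points):
    """Breadth-first walk from the entry points; returns the live class set."""
    seen = set()
    queue = deque(cls for cls in entry_points if cls in graph)
    while queue:
        cls = queue.popleft()
        if cls in seen:
            continue
        seen.add(cls)
        queue.extend(ref for ref in graph.get(cls, ()) if ref not in seen)
    return seen

def junk_ratio(graph, entry_points):
    """Ratio of unreachable to reachable classes (inf if nothing is reachable)."""
    live = reachable_classes(graph, entry_points)
    dead = set(graph) - live
    return len(dead) / len(live) if live else float("inf")

def flag_padding(graph, entry_points, threshold=3.0):
    """True when dead code dominates; the threshold is an assumed triage cutoff."""
    return junk_ratio(graph, entry_points) >= threshold

if __name__ == "__main__":
    ratio = junk_ratio(SAMPLE_GRAPH, SAMPLE_ENTRY_POINTS)
    flagged = flag_padding(SAMPLE_GRAPH, SAMPLE_ENTRY_POINTS)
    print(f"dead/live ratio {ratio:.1f}, flagged={flagged}")
```

Unused library code in a legitimate app also counts as dead here, so a high ratio is a cue for manual review rather than a verdict.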

After sorting through the irrelevant data, malware experts can confirm both old and new modular attacks in 2019's BianLian. It contains a dropping function, but uses it only to install its own components rather than a separate threat. Its real attacks include recording the screen, establishing a backdoor with an SSH server, recording SMS messages, and inserting overlays on top of browsers for intercepting data or modifying the user's experience. It also may lock the phone and prevent the user from accessing it.

Taking Out the Trojans along with the Trash

Android users have several strategic options for defending against both old and new iterations of BianLian and its campaigns. They can avoid low-reviewed applications, since poor reviews are a possible sign of Potentially Unwanted Programs (PUPs) or Trojans. They can install software updates promptly, which eliminates most possibilities of remote code execution through vulnerabilities such as buffer overflows. Especially relevant to BianLian is that potential victims train themselves to identify bank-themed phishing lures, such as e-mail messages that forge security requests from companies like the Al Baraka Banking Group.

BianLian's garbage data might help slow down security researchers, but most security products should still identify it as a Trojan. Scanning any unusual file attachments before opening them is a way of identifying a possible attack with a high success rate. Although many security products use heuristic or generic labels for this threat, they should quarantine or delete BianLian appropriately.

The imagination that threat actors put into criminal programming can raise a speed bump in the path of security researchers but rarely is an impenetrable barricade. As BianLian reworks itself into something very different from the original Trojan, users can depend on the 'same old' security solutions and safeguards for their phones.
