BianLian

Posted: July 4, 2019

BianLian Description

BianLian is a family of Trojan droppers and banking Trojans that can drop other threats onto the system and collect information, with an emphasis on attacks against bank accounts. The latest members of this family, as of 2019, stress the data-collecting aspects of the payload, as well as some anti-analysis defenses. Users should keep their anti-malware programs updated so that they detect BianLian accurately and delete it as soon as possible.

Real Trojans Hiding under Seven Rubbish Types

The BianLian family of Trojans has been well known to security researchers ever since a campaign that compromised the Google Play store in 2018. Trojans don't stand still, however, and malware researchers can confirm new updates to BianLian that expand both its defensive and offensive possibilities. The threat is a foremost concern for smartphone users, since it compromises Android environments.

The oddest trait in the newest version of BianLian is its obfuscation. While most Trojans include different ways of hiding or confusing their code against analysis tools, BianLian does so by generating fake classes, packages, and functions filled with 'garbage' data. The ratio of junk to genuine code is roughly seven to one. There is one other threat, the Anubis Trojan (another Android banking Trojan), that can use the same technique, which makes a link between the two campaigns increasingly likely.
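A first-pass way for an analyst to separate filler from live code in a sample obfuscated this way, shown as an added example that is not part of the original article: classes that no manifest-declared component can reach are set aside as probable junk. It assumes a class cross-reference map exported from a decompiler; the graph and every class name below are constructed for illustration.

```python
from collections import Counter, deque

def build_sample():
    """Constructed class-reference graph; every class name is hypothetical."""
    refs = {
        "com.example.app.MainActivity": ["com.example.app.Loader"],
        "com.example.app.BootReceiver": ["com.example.app.Loader", "missing.External"],
        "com.example.app.Loader": ["com.example.app.net.Client"],
        "com.example.app.net.Client": ["com.example.app.Loader"],  # cycle on purpose
    }
    # 28 filler classes in 4 packages that reference only each other.
    for i in range(28):
        refs[f"zq{i % 4}.k.C{i}"] = [f"zq{(i + 1) % 4}.k.C{(i + 1) % 28}"]
    # Entry points: the components a decoded AndroidManifest.xml would declare.
    entry_points = ["com.example.app.MainActivity", "com.example.app.BootReceiver"]
    return refs, entry_points

def reachable_classes(refs, entry_points):
    """Breadth-first walk of class references starting at the entry points."""
    seen = set()
    queue = deque(e for e in entry_points if e in refs)
    while queue:
        cls = queue.popleft()
        if cls in seen:
            continue
        seen.add(cls)
        # Skip references to classes outside the app (framework, missing).
        queue.extend(r for r in refs[cls] if r in refs and r not in seen)
    return seen

def junk_report(refs, entry_points):
    """Split classes into reachable and unreachable and summarise the filler."""
    live = reachable_classes(refs, entry_points)
    dead = sorted(set(refs) - live)
    return {
        "live": sorted(live),
        "dead": dead,
        "dead_packages": dict(Counter(c.rsplit(".", 1)[0] for c in dead)),
        "ratio": len(dead) / len(live) if live else float("inf"),
    }

if __name__ == "__main__":
    report = junk_report(*build_sample())
    print(f"{len(report['dead'])} unreachable vs {len(report['live'])} reachable "
          f"classes, ratio {report['ratio']:.1f}:1")
    for package, count in sorted(report["dead_packages"].items()):
        print(f"  {package}: {count} unreachable classes")
```

Static reachability is only a heuristic: code loaded through reflection or dynamic class loading looks unreachable, and filler that live code calls looks reachable, so the unreachable set is a list of candidates to deprioritise rather than a verdict.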

After sorting through irrelevant data, malware experts can confirm both old and new modular attacks in 2019's BianLian. It contains a dropping function, but only as a utility for itself, instead of a separate threat. Its real attacks include recording the screen, establishing a backdoor with an SSH server, recording SMS messages, and inserting overlays on top of browsers for intercepting data or modifying the user's experience. It also may lock the phone and prevent the user from accessing it.

Taking Out the Trojans along with the Trash

Android users have several options for defending against both old and new iterations of BianLian and its campaigns. They can avoid applications with low reviews, which can be a sign of compromise by Potentially Unwanted Programs (PUPs) or Trojans. They can install software updates promptly, which eliminates most possibilities for remote code execution via vulnerabilities such as buffer overflows. Especially relevant to BianLian, possible victims should train themselves to identify bank-themed phishing lures, such as e-mail messages that forge security requests from companies like the Al Baraka Banking Group.

BianLian's garbage data might help slow down security researchers, but most security products should identify it as being a Trojan. Scanning any unusual file attachments before opening them is a way of identifying a possible attack with a high success rate. Although many security products use heuristic or generic labels for this threat, they should quarantine or delete BianLian appropriately.

The imagination that threat actors put into criminal programming can raise a speed bump in the path of security researchers, but it is rarely an impenetrable barricade. As BianLian reworks itself into something very different from the original Trojan, users can depend on the 'same old' security solutions and safeguards for their phones.

Use SpyHunter to Detect and Remove PC Threats

If you are concerned that malware or PC threats similar to BianLian may have infected your computer, we recommend you start an in-depth system scan with SpyHunter. SpyHunter is an advanced malware protection and remediation application that offers subscribers a comprehensive method for protecting PCs from malware, in addition to providing one-on-one technical support service.

Download SpyHunter's Malware Scanner

Note: SpyHunter's free version is only for malware detection. If SpyHunter detects malware on your PC, you will need to purchase SpyHunter's malware tool to remove the malware threats. Learn more on SpyHunter. If you would like to uninstall SpyHunter for any reason, please follow these uninstall instructions. To learn more about our policies and practices, visit our EULA, Privacy Policy and Threat Assessment Criteria.

Why can't I open any program including SpyHunter? You may have a malware file running in memory that kills any programs that you try to launch on your PC. Tip: Download SpyHunter from a clean computer, copy it to a USB thumb drive, DVD or CD, then install it on the infected PC and run SpyHunter's malware scanner.
