
ThiefBot

Posted: September 10, 2020

Android continues to be targeted by malware developers, who release every type of threatening software for the popular mobile operating system. The most harmless bogus applications for Android tend to have basic features – they may show some advertisements here and there, or end up redirecting users to unknown websites. However, this post is about a new threat called ThiefBot. ThiefBot is meant to work as a banking Trojan that uses phishing prompts and abuses the Android accessibility service to gain access to a large share of the infected mobile device's data and features.

This Android Banking Trojan Goes after Turkish Bank Customers

The original author of ThiefBot appears to be renting it out to other cybercriminals, as there are several advertisements about this Malware-as-a-Service project. According to the advertisements, ThiefBot is best suited for attacks against Turkish victims – it features special overlays and phishing prompts for popular payment services and online bank portals in Turkey. Some of the entities that ThiefBot targets are Papara Payment Service, Garanti Bank, Finans Bank, Ziraat Bank, AkBank and Vakif Bank. Since more than one group of crooks may operate the ThiefBot Trojan, it is safe to assume that they may abuse different propagation channels. The threatening software may be distributed via 3rd-party application stores, fake downloads, corrupted advertisements, social media, text messages and more.

In addition to the phishing prompts that are ThiefBot's main feature, the Trojan implant can also perform the following tasks:

  • Lock/unlock the screen.
  • Send messages to custom phone numbers.
  • Collect contact information.
  • Send text messages to all entries on the contact list.
  • Download and manage text messages.
  • Display custom notifications.
  • Update the list of phishing prompts with a new one fetched from the control server.
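A defender-side triage check for the capability set listed above, added here as an example and not taken from ThiefBot or from any vendor tooling: it parses a decoded AndroidManifest.xml and flags an application that declares an accessibility service together with SMS or contact permissions. The mapping from the listed capabilities to Android permission names is an assumption, and both sample manifests are constructed.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
ACCESSIBILITY_BIND = "android.permission.BIND_ACCESSIBILITY_SERVICE"
# Assumed mapping from the capabilities in the list above to standard Android
# permissions; the article does not state which permissions ThiefBot requests.
CAPABILITY_PERMISSIONS = {
    "send text messages": "android.permission.SEND_SMS",
    "download and manage text messages": "android.permission.READ_SMS",
    "collect contact information": "android.permission.READ_CONTACTS",
}

# Constructed sample: accessibility service combined with SMS and contact access.
SUSPICIOUS = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.constructed.updater">
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <application><service android:name=".OverlayHelper"
      android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE"/></application>
</manifest>"""
# Constructed sample: an accessibility tool with no SMS or contact access.
BENIGN = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.constructed.reader">
  <uses-permission android:name="android.permission.INTERNET"/>
  <application><service android:name=".ScreenReader"
      android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE"/></application>
</manifest>"""

def audit_manifest(manifest_xml):
    """Return declared accessibility services, matched capabilities and a flag."""
    root = ET.fromstring(manifest_xml)
    requested = {e.get(ANDROID_NS + "name") for e in root.iter("uses-permission")}
    capabilities = [cap for cap, perm in CAPABILITY_PERMISSIONS.items()
                    if perm in requested]
    services = [s.get(ANDROID_NS + "name") for s in root.iter("service")
                if s.get(ANDROID_NS + "permission") == ACCESSIBILITY_BIND]
    # Each permission alone is common; the combination is what warrants review.
    flag = bool(services) and len(capabilities) >= 2
    return {"accessibility_services": services,
            "capabilities": capabilities, "flag": flag}

if __name__ == "__main__":
    for label, xml_text in (("suspicious", SUSPICIOUS), ("benign", BENIGN)):
        print(label, audit_manifest(xml_text))
```

A flag is a reason to review the application manually, not a verdict: legitimate SMS or accessibility tools can request the same permissions.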

The Malware-as-a-Service concept that ThiefBot's author uses is a major problem since many cybercriminals may end up investing in that threatening software. Furthermore, its features may be enhanced to target other financial institutions and payment processors, thereby expanding its reach. To stay safe from ThiefBot and similar Android Trojans, you should consider keeping your device protected by an up-to-date anti-malware application.
