|Thanx To THN|
I love watching funny videos clips online, and this is one of the best things that people can do in their spare time.
But, beware if you have installed a funny video app from Google Play Store.
A security researcher has discovered a new variant of the infamous Android banking Trojan hiding in apps under different names, such as, on Google Play Store.
Niels Croese, the security researcher at Securify B.V firm, analyzed the Funny Videos app that has 1,000 to 5,000 installs and found that the app acts like any of the regular video applications on Play Store, but in the background, it targets victims from banks around the world.
This newly discovered banking Trojan works like any other banking malware, but two things that makes it different from others are — its capability to target victims and use of DexProtector tool to obfuscate the app's code.
How Android Banking Trojan Works
In a nutshell, BankBot is mobile banking malware that looks like a simple app and once installed, allows users to watch funny videos, but in the background, the app can intercept SMS and display overlays to steal banking information.
Mobile banking trojan often disguises itself as a plugin app, like Flash, or an adult content app, but this app made its way to Google Play Store by disguising itself as any other regular Android app.
Google has removed this malicious app from its Play Store after receiving the report from the researcher, but this does not mean that more such apps do not exist there with different names.
"Another problem is that Google [Play Store] mainly relies on automated scanning without a full understanding of the current obfuscation vectors resulting in banking malware on the Google Play Store." researcher told The Hacker News.Once downloaded, the app persistently requests administrative rights, and if granted, the banking malware can control everything that's happening on an infected smartphone.
The BankBot springs into action when the victim opens any of the mobile apps from a pre-configured list of 425 banking apps. A complete list of banks a BankBot variant is currently imitating can be found on the blog post published by the researcher.
Once one of the listed apps is opened, BankBot immediately displays an overlay, which is a page on the top of legitimate mobile banking app and tricks Android users entering their banking credentials into the overlay, just like a phishing attack.
This will not only sends your banking credentials to your bank’s servers but also sends your financial credentials to the server controlled by fraudsters.
This social engineering technique is often used by financially motivated criminals to deceive users into giving up their personal details and sensitive banking information to fraudsters.
How to protect yourself?
There are standard protection measures you need to follow to remain unaffected: