BankBot Trojan in Play Store Targeted Wells Fargo, Chase and Citibank Customers
Most experts will tell you that it’s a good idea to install Android applications from the Play Store rather than third-party sources. Google does a ton of work to keep the Play Store safe. Still, it’s impossible for anyone, including Google, to stay ahead of attackers all the time. So every once in a while, malicious applications sometimes make their way into the Play Store — most recently a mobile banking trojan, BankBot, that targeted Wells Fargo, Chase and Citibank customers.
More than once this year, security researchers discovered variations of the BankBot in Play Store downloads. The trojan’s been known to target users of banking apps including Wells Fargo, Chase, DiBa and Citibank who live in the U.S., Australia, Germany, Netherlands, France, Poland, Spain, Portugal, Turkey, Greece, Russia, Dominican Republic, Singapore and Philippines, and it works by laying a fake login interface over legitimate apps and intercepting login credentials.
Each time BankBot has been spotted and reported to the Play Store team, Google has been swift to take it down. But a harder-to-detect version uncovered with the help of security analysts at Avast, ESET and SfyLabs escaped notice until November 17, giving it time to infect thousands of users.
The new version of BankBot was found hiding in applications like Tornado FlashLight, Lamp For DarkNess, and Sea FlashLight on October 13. According to the researchers who discovered it, its programmers were able to circumvent the Play Store’s security scans by publishing BankBot-infected apps under multiple accounts and delaying execution of its malicious code for two hours after users granted it device administrator rights.
It can be difficult to protect against clever banking trojans like BankBot, but the folks at Avast have a few tips. They suggest checking an application’s Play Store ratings before downloading it, paying attention to its permissions requests, and denying it device administrator privileges unless it absolutely needs them. Next time you’re browsing the Play Store for apps, keep those in mind.
Source: Avast Blog