Android users have been warned of a malware strain that steals your internet banking login
Android owners have been alerted over the dangerous malware strain that tries to steal your internet banking login and sensitive bank card details.
And it’s feared that people in the UK and the US are being targeted by the malicious piece of software.
BankBot first emerged back in April 2008, however a few months ago security experts said it had compromised over 400 apps on the Google Play Store.
The malware infects an Android device and then gains administrative privileges before removing the icon of the offending app.
It tricks users into thinking the app that infected their device has been deleted, but in actual fact it is still working in the background.
BankBot is capable of spying on any SMS sent, and can also collect sensitive credit and debit card information.
It does this by creating FAKE card entry screens, so users themselves – thinking a page is genuine – enter their card details.
But instead of carrying out an authentic purchase, they are simply handing over their card number, CVC security number and address to cyber criminals.
The malware is also capable of creating more fake screens – but this time for internet banking logins.
It is capable of bringing up fake screens that feature the logos of leading banks, and then users are asked to enter their internet banking logins.
However, this is simply a stealthy ploy by the trojan so cyber criminals can steal Android users’ extremely sensitive information.
1 of 15
Dr Web, anti-virus experts based in Russia, revealed how BankBot was attempting to steal sensitive banking information.
The anti-malware company discovered BankBot recently on a fake version of Adobe Flash Player.
Once BankBot gets the information it wants, the details are passed to a hacker through a control and command (C&C) server.
Dr Web said the malware at first was attacking Android users in Turkey, but is now threatening people in dozens of countries.
The security experts claimed the trojan is targeting Android users in United Kingdom, America, Australia, Germany, France and Poland.
Dr Web published pictures of what they claimed were fake screens BankBot can display on an Android device.
One picture showed a screen where users enter bank card details that featured Google Play branding.
Another image showed a screen where people entered internet banking login details that featured a Santander logo.
Express.co.uk have contacted both Google and Santander for comment.
The BankBot malware was discovered on a fake Adobe Flash app
Describing how BankBot works, in their blog post Dr Web said: “The Trojan also collects information about all launched applications and user’s actions performed within them.
“For example, it tracks available text fields, such as menu elements, and logs key strokes and other components of the user interface.
“Moreover, Android.BankBot.211.origin is capable of stealing login credentials and other authentication information input by users in any programs on any websites during authorization.
“To steal passwords, the Trojan takes a screenshot of every key stroke; as a result, it obtains the required sequence of characters before they are hidden.
“After that, the information input into the displayed fields and all the saved screenshots are sent to the command and control server.”
Dr Web have offered Android users advice on how to fight the dangerous piece of malware.
They said: “Due to the fact that Android.BankBot.211.origin prevents anyone from removing it, the following actions must be performed in order to combat it”.
They steps are as follows:
• Load an infected smartphone or tablet in safe mode;
• Log into the system settings and go to the list of device administrators;
• Find the Trojan in this list and recall the corresponding rights (here the malicious program will try to frighten the device’s owner by warning them about the possible loss of all of their important data, but this is just a trick—the files are in no danger);
• Restart the device, perform a full anti-virus scan on it, and remove the Trojan after the scanning is complete
Dr Web published pictures of fake screens the BankBot malware can display
In April, security experts Securify claimed that hundreds of Google Play apps had been compromised by the BankBot malware.
Niels Croese, from the firm, examined the code of the trojan and believes more than 400 apps on Google Play had been compromised.
Security discovered BankBot originally on a Google Play Store app called Funny Videos 2017.
In the aftermath of their report Google removed the offending app from the Play Store.
The warning comes after fears earlier this year that more than 36.5million devices may have been infected by malware from apps on the Google Play store.
The Judy malware campaign produced fake advertising clicks in order to generate revenues for those behind it, according to the security firm Check Point.
Experts fear some 41 malicious apps which were downloaded up to 18.5m times from the Google Play store have spread the malware.
The malware has been named ‘Judy’ after the cutesy character ‘Judy the chef’ who appears in most of the affected apps.
Check Point added that the Judy malware campaign is “possibly the largest malware campaign found on Google Play.”