Monday, 13 November 2017

BankBot Android Malware Sneaks into the Google Play Store

BankBot: Google’s little Sneak

A malware known for stealing people’s bank details by posing as a legitimate bank’s web page has struck hundreds of users yet again.

The malware was first spotted on the Google Play store in April of this year, reappeared in September, and has now come around again in November. Each time, the Google team has removed BankBot from the store.

What essentially is BankBot?

BankBot is malware that first made its appearance in the Google Play store in April of this year. Posing as a legitimate app, it fools users into downloading it. BankBot then asks for permission to access SMS, bank and other details, all the while appearing to be a legitimate part of downloading the app.

Finally, BankBot poses as a bank page whenever a payment has to be made. This fake page appears as an overlay on top of the actual one. BankBot even has access to the user's SMS app, so it can take care of the dual authentication process that some banks require.

Why was it so easy for users to get fooled?


Users of Google’s Play store downloaded a seemingly genuine app known as Crypto Currency Market Prices. This app appears to be the front for the malware. It had a proper appearance and contained all the details it promised to have, so it was very easy for users to be fooled by it.

Because the app actually worked, users were taken in by its appearance and had no reason to suspect any foul practice. Had it been an app that appeared to be full of spam, didn’t work well or could not be opened, users would have had some idea of what the app was really about.

The second point to note is that the Google team removed the malware twice and renewed and updated its security protocols, and in spite of all this BankBot found its way back into the system.

Updates to BankBot:

Since its first appearance in April, the BankBot malware has undergone a series of updates. These updates include code obfuscation and the ability to bypass Android’s accessibility services.

This, coupled with the fact that it was able to penetrate Google’s security protocol, shows how the malware has developed over the span of 7 months.
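
For defenders reviewing an app, the capability mix this post describes (SMS access, a page drawn over the banking app, an accessibility service) can be checked in the app's decoded manifest. The script below is an added example, not code from the original post or from any BankBot analysis; the sample manifest, the package name, and the use of `SYSTEM_ALERT_WINDOW` as the overlay indicator are assumptions.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"
SMS_PERMS = {"android.permission.RECEIVE_SMS", "android.permission.READ_SMS"}
# Assumption: the overlay is drawn via this permission; other techniques exist.
OVERLAY_PERM = "android.permission.SYSTEM_ALERT_WINDOW"
A11Y_BIND = "android.permission.BIND_ACCESSIBILITY_SERVICE"

# Constructed sample: decoded manifest of a made-up "price ticker" app.
SAMPLE_MANIFEST = """<manifest
    xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.pricetracker">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.SYSTEM_ALERT_WINDOW"/>
  <application>
    <service android:name=".HelperService"
        android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE"/>
  </application>
</manifest>"""

def triage_manifest(xml_text):
    """Return (kind, details) findings for SMS, overlay and accessibility use."""
    root = ET.fromstring(xml_text)
    requested = {e.get(ANDROID + "name") for e in root.iter("uses-permission")}
    # A service guarded by BIND_ACCESSIBILITY_SERVICE is an accessibility service.
    a11y = [s.get(ANDROID + "name") for s in root.iter("service")
            if s.get(ANDROID + "permission") == A11Y_BIND]
    findings = []
    sms = sorted(requested & SMS_PERMS)
    if sms:
        findings.append(("sms_access", sms))
    if OVERLAY_PERM in requested:
        findings.append(("overlay", [OVERLAY_PERM]))
    if a11y:
        findings.append(("accessibility_service", a11y))
    return findings

def risk_level(findings):
    """SMS access combined with overlay or accessibility use is the red flag."""
    kinds = {kind for kind, _ in findings}
    if "sms_access" in kinds and kinds & {"overlay", "accessibility_service"}:
        return "high"
    return "review" if kinds else "none"

if __name__ == "__main__":
    results = triage_manifest(SAMPLE_MANIFEST)
    for kind, details in results:
        print(kind, details)
    print("risk:", risk_level(results))
```

A price-listing app has no functional need for any of these three capabilities, which is why the combination is worth flagging even when the app itself works as advertised.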

Users affected by BankBot:

The crypto currency app containing the malware was removed from the Google Play store but not before hundreds of users downloaded it to their mobile devices.

As far as Google is concerned, its 1.4 million were safe from the attack. It is unclear how many users were affected when the malware first arrived on the scene in April of this year.

The Google Play store is full of apps that can cause serious damage to an individual’s device or, in this case, to their bank account. It is therefore important to keep an eye on what you’re downloading. This is not the first time Google has become embroiled in malware found on its Play store; recently there was news that a fake WhatsApp app was doing the rounds on the Google Play store.
