BankBot Trojan Spotted Again

Every year, hackers are becoming more and more savvy in the way that they conduct their attacks. One of their favorite devices to target are peoples’ smartphones due to many not realizing that a smartphone is just a tiny computer. That means smartphones are susceptible to viruses and attacks like any ordinary desktop or laptop.  Yet many people still use their smartphone for banking, emails, and other sensitive material without a second thought.

Unfortunately, not even the official app stores for your smartphones are 100% safe. The BankBot trojan has been spotted on the Google Play store once again. It has disguised itself as a game called Jewels Start Classic (not to be confused with the legitimate game Jewels Star).

At first, the game plays like a normal puzzle game. After 20 minutes, though, a pop-up will prompt the user to enable “Google Services”. By clicking OK, the Android Accessibility menu is opened. On this new window, a service named Google Service will display. By enabling that service the BankBot Trojan has free reign to continue the next phase of its’ attack.

The next time that the Google Play store is opened, the user will be presented a fake overlay by BankBot asking for the user’s credit card information. Even if the user has two-factor authentication set up with their back account, BankBot sets itself as the default messaging app on their smartphone so that it can intercept SMS two-factor authentication texts. At that point, the attacker has obtained the information that they wanted.

There are a few ways to help prevent these kinds of attacks from happening:

  • Don’t download applications that look suspicious. Wait a little while until the application has been vetted by others and has some time on the app store.
  • Always use an official app store. The two major app stores are the Google Play store for android phones and the Apple App Store on the iPhone. These two stores have security measures in place to weed out malicious apps. While not perfect, they’re better than non-official stores which may have none.
  • Check the permissions an app is requesting when downloaded. Always question why an app needs any permission that it requests. A photo taking app obviously needs camera permissions, but does a banking application need camera permission? Perhaps. If the banking app allows for the ability to take pictures of checks to deposit them. If it doesn’t have that ability, it may be time to look for a new banking app.

 

Sources:

https://www.infosecurity-magazine.com/news/bankbot-resurfaces-in-google-play
https://www.welivesecurity.com/2017/09/25/banking-trojan-returns-google-play