Malware specifically aimed at extracting financial data

Jul 24, 2017 04:48 GMT  ·  By

Android users are being targeted by a new form of malware flagged by security company Dr. Web as Android.BankBot.211.origin. It attempts to extract financial data from a phone, but it also has capabilities that let it target other details, including contact lists and text messages.

The malware spreads under the names of very popular programs, such as Adobe Flash Player, though it’s important to know that BankBot hasn’t made it into the Google Play Store. This means that unless you download APKs from malicious sources, you should be completely safe, so double-check every package you get from links you don’t trust.

The security firm says the malware uses Android’s Accessibility Service to take over the phone, displaying a request prompt that would allow it to add itself to the device administrator list and become the default message manager.

Once the takeover is complete, BankBot can send an SMS containing a specific text to any number, extract text messages and send them to the attacker, open links, change the address of its command and control server, steal data such as phone call info, contact lists and the list of installed apps, and take screenshots of your passwords whenever you start typing them on websites.

Stealing financial data

Furthermore, since it was specifically developed to steal banking data, the malware can display fake input forms for login credentials, phishing dialogs asking for credit card details, and block the installation of antivirus apps that could prevent its features from running.

Dr. Web says the malware was primarily aimed at Android users in Turkey, but the list of countries targeted by the same infection has expanded substantially recently, with customers in Germany, France, the UK, and the US also on the list.

“Android.BankBot.211.origin can attack users of any applications. Cybercriminals just have to update the configuration file with the list of targeted programs. The banker receives this list once connected to the command and control server,” the firm says.

Removing the malware is only possible in safe mode, by deleting its entry from the device administrator list and then scanning with an antivirus solution that already detects the infection. And of course, preventing the infection in the first place is substantially easier, because you only have to download APKs from sources that you fully trust.
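The three privileges the article describes BankBot obtaining (an enabled accessibility service, a device administrator entry, and the default SMS app role) are all visible in Android's settings and dumpsys output, which makes them a useful triage check before the safe-mode removal above. The following script is an added example, not code from the article or from Dr. Web: it parses captured output of `adb shell settings get secure enabled_accessibility_services`, `adb shell settings get secure sms_default_application` and `adb shell dumpsys device_policy` and flags any package holding one of these privileges that is not on a reviewed allowlist. The allowlist contents, the `com.example.flashplayer` package and the sample captures are constructed for the example, and the `ComponentInfo{...}` layout assumed for the dumpsys output varies across Android versions.

```python
"""Offline triage of the Android privileges BankBot-style malware abuses.

Inputs are captures taken beforehand with adb (assumed, not fetched here):
  adb shell settings get secure enabled_accessibility_services
  adb shell settings get secure sms_default_application
  adb shell dumpsys device_policy
The sample strings at the bottom are constructed for this example, and the
ComponentInfo{...} layout of dumpsys device_policy is an assumption.
"""
import re

# Packages an organisation has reviewed and expects to hold each privilege
# (assumed allowlist; adjust to the device fleet being checked).
TRUSTED_ACCESSIBILITY = {"com.google.android.marvin.talkback"}
TRUSTED_DEVICE_ADMINS = {"com.google.android.apps.work.clouddpc"}
TRUSTED_SMS_APPS = {"com.google.android.apps.messaging", "com.android.messaging"}

# ComponentInfo{package/class} as assumed to appear in dumpsys device_policy.
COMPONENT_RE = re.compile(r"ComponentInfo\{([\w.]+)/[\w.$]+\}")


def parse_accessibility_services(raw):
    """'pkg/cls:pkg2/cls2' (or 'null' when none are enabled) -> set of package names."""
    raw = raw.strip()
    if raw in ("", "null"):
        return set()
    return {entry.split("/", 1)[0] for entry in raw.split(":") if entry}


def parse_device_admins(dumpsys_text):
    """Package names of the device admins listed in dumpsys device_policy output."""
    return set(COMPONENT_RE.findall(dumpsys_text))


def triage(accessibility_raw, sms_default_raw, dumpsys_text):
    """Return a sorted list of findings; an empty list means nothing unexpected was found."""
    findings = []
    for pkg in sorted(parse_accessibility_services(accessibility_raw) - TRUSTED_ACCESSIBILITY):
        findings.append(f"untrusted accessibility service: {pkg}")
    for pkg in sorted(parse_device_admins(dumpsys_text) - TRUSTED_DEVICE_ADMINS):
        findings.append(f"untrusted device admin: {pkg}")
    sms_pkg = sms_default_raw.strip()
    if sms_pkg and sms_pkg != "null" and sms_pkg not in TRUSTED_SMS_APPS:
        findings.append(f"untrusted default SMS app: {sms_pkg}")
    return findings


# Constructed sample captures: a fake "Flash Player" package has obtained all three privileges.
SAMPLE_ACCESSIBILITY = (
    "com.google.android.marvin.talkback/.TalkBackService:"
    "com.example.flashplayer/.AccService"
)
SAMPLE_SMS_DEFAULT = "com.example.flashplayer"
SAMPLE_DUMPSYS = """Current Device Policy Manager state:
  Enabled Device Admins (User 0, provisioningState: 0):
    ComponentInfo{com.google.android.apps.work.clouddpc/com.google.android.apps.work.clouddpc.receivers.CloudDeviceAdminReceiver}:
      uid=10100
    ComponentInfo{com.example.flashplayer/com.example.flashplayer.AdminReceiver}:
      uid=10234
"""

if __name__ == "__main__":
    for finding in triage(SAMPLE_ACCESSIBILITY, SAMPLE_SMS_DEFAULT, SAMPLE_DUMPSYS):
        print(finding)
```

A package that shows up in all three findings at once, as the constructed sample does, matches the takeover pattern the article describes and is the entry to remove from the device administrator list in safe mode; a single unexpected accessibility service is more often a legitimate utility the user enabled, so the allowlist is what keeps the check useful.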