New Banking Malware Spreads in Flashlight and Solitaire Apps
BankBot, a new Banking Malware found by cybersecurity researchers. Discovered by the joint operation of security researchers at Avast, ESET and SfyLabs in Google play store.
How it's Working?
BankBot app asks your banking details twice after it will send stolen data to its Server. When you used to open your Bank App it will display an overlay webpage on top of the banking application then its behave fake version of Banking apps and gets administrator privileges before removing the app icon. Victims thought its genuine banking app but it's not and the user enters into a fake app.
The Apps work in the backend, to collect private information like SMS, Credit card numbers, CVC and more. Also, it's able to collect phone information such as IMEI number, Mobile device model, OS version and send it to attacker server.
Affected Apps
Avast spotted first sample in OCT 2017, it was hidden in the “Tornado FlashLight” (com.andrtorn.app) and later appeared in the “Lamp For DarkNess” and “Sea FlashLight” apps. In late October and November, a smartphone cleaning app and multiple Solitaire gaming apps appeared with the malware embedded, for the aforementioned second campaign.
BankBot Malware was found in famous apps like Flashlight and Solitaire. Solitaire apps have targeted 131 banks customers worldwide including Citibank, Suncorp, ICICI, Noris, and Skrill payment system too.
How to Prevent?
- Do not allow 'Unknown Sources' to install a malicious app.
- Use Mobile Antivirus, Anti-malware App to protect your mobile devices.
- Never click on unknown app link.
- Do not give administrator permission to your apps.
- Always download "Verified by Play Protect" Apps.
- Keep Mobile backup always.