IT security researchers at Russia based Dr. Web cyber security firm have discovered a fake Adobe Flash Player infected with BankingBot malware known for stealing banking and personal data of Android users.
“BankingBot” was first spotted in April 2008 but about three months ago it was found infecting over 400 apps on Google Play Store. Once it infects a targeted device, it gains administrative privileges before removing the icon of the app, tricking the user into believing that the app has been deleted.
In reality, however, the app continues to work in the background. Furthermore, the malware spies on SMS sent by the user, collect sensitive information such as credit card numbers, CVC number, its expiration date and user’s home address. It is also able to collect device specs such as a list of installed apps, OS version, IMEI, and phone model and send it to the hacker.
That’s not all; the malware is designed to display fake screens disguised as banking apps. As soon as the app gets what it wants, the credentials are then passed on to the hacker through a control and command (C&C) server. It also tracks available text fields, such as menu elements, and logs key strokes and other components of the user interface.
According to Dr.Web’s blog post, BankbBot is targeting users in Australia, Turkey, Germany, Poland, France, the United Kingdom, and the USA. Also, there are several other apps infected with the malware. Here is a screen the researcher shared which shows the fake Adobe Flash App and how it make changes on an infected device.
As mentioned at the start, the BankingBot was first discovered in 2008, and it could be coincident that back then the malware was also spotted targeting users through a fake Adobe Flash Player App.
Android users need to take extra security precautions while downloading apps from Google Play Store or a third-party store since nothing is safe from these malicious programs. In the case of BankingBot, the targeted users are advised to run their device in safe mode, go to system settings, recall all the rights, restart the device and run a full device scan through an anti-virus software.