
January 31, 2017

Source code for Android malware to hack bank details leaks online

Security experts warned Android users to be cautious when using their financial information on mobile devices, and to use Android app security testing, after it was revealed that the source code and instructions for malware designed to hack users' banking details had been leaked online.

Dr. Web, a Russian anti-malware firm, said that the “Bank Bot” source code was leaked last month and had already given rise to a variant that can quietly hide in a user’s phone and gather all their personal details. Experts at Dr. Web also revealed that the malware can mirror all popular services, such as PayPal. They believe that Android app security is under serious threat, as the number of attacks on Android devices will increase considerably.

An extreme threat to Android app security, the Trojan exists on third-party app stores, disguising itself as a Google-related service. Once downloaded, it asks for permission to obtain administrative privileges. If this is allowed, it installs itself on the system, hides itself from the phone screen by deleting its icon, and connects to the criminal's command-and-control server for further instructions. It then steals banking credentials from the phone as soon as they are available.

With its escalated privileges, BankBot enables the attacker to intercept calls, send and intercept text messages, access contact lists, track device location, and much more. It also screens the device for the presence of banking apps such as Alfa-Bank, Bank of America, and Wells Fargo. At present, the malware mostly seems to target Russian users.
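For app reviewers, the capability set described above can be checked statically in a decoded `AndroidManifest.xml`. The following is an added example, not code from Dr. Web or the original article; the mapping from the article's behaviours to standard Android permissions, the review threshold, and the sample manifest are assumptions of this example.

```python
import xml.etree.ElementTree as ET

A = "{http://schemas.android.com/apk/res/android}"
P = "android.permission."

# Behaviours named in the article, mapped to the standard Android permissions
# an app would need for them (the mapping is this example's assumption).
BEHAVIOURS = {
    "send text messages": {P + "SEND_SMS"},
    "intercept text messages": {P + "RECEIVE_SMS", P + "READ_SMS"},
    "intercept calls": {P + "PROCESS_OUTGOING_CALLS", P + "READ_PHONE_STATE"},
    "access contact lists": {P + "READ_CONTACTS"},
    "track device location": {P + "ACCESS_FINE_LOCATION", P + "ACCESS_COARSE_LOCATION"},
}

def triage(manifest_xml, min_behaviours=3):
    """Return device-admin use, matched behaviours and a review flag."""
    root = ET.fromstring(manifest_xml)
    requested = {e.get(A + "name") for e in root.iter("uses-permission")}
    # A device-admin receiver is guarded by BIND_DEVICE_ADMIN and listens
    # for the DEVICE_ADMIN_ENABLED broadcast.
    admin = any(
        r.get(A + "permission") == P + "BIND_DEVICE_ADMIN"
        and any(a.get(A + "name") == "android.app.action.DEVICE_ADMIN_ENABLED"
                for a in r.iter("action"))
        for r in root.iter("receiver")
    )
    matched = sorted(b for b, perms in BEHAVIOURS.items() if perms & requested)
    # Threshold is arbitrary (assumption): admin plus several capabilities.
    return {"device_admin": admin, "behaviours": matched,
            "review": admin and len(matched) >= min_behaviours}

# Constructed sample manifest, not taken from any real app.
SAMPLE = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.constructed">
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
  <application>
    <receiver android:name=".Admin"
        android:permission="android.permission.BIND_DEVICE_ADMIN">
      <intent-filter>
        <action android:name="android.app.action.DEVICE_ADMIN_ENABLED"/>
      </intent-filter>
    </receiver>
  </application>
</manifest>"""

if __name__ == "__main__":
    print(triage(SAMPLE))
```

A match is a prompt for manual review, not a verdict: legitimate device-management and messaging apps request some of the same permissions.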

The malware also uses a phishing technique to gather the victim's banking details, popping up a screen every time an app like Facebook or Snapchat is launched. The screen resembles a Google dialogue box, so users who are not usually concerned with Android app security fall prey to the hoax and enter their details. The Trojan can also turn off sound and send a text message directly to the cybercriminals without the knowledge of the user.

The researchers have warned that many similar variants of BankBot will now surface following the circulation of the source code. Experts believe that sharing source code and allowing its modification helps the malware avoid detection.

Codified Security is here to help make your mobile app secure whether it’s for iOS, Android app security testing, or to make sure you’re clearing the OWASP Mobile Top 10. For mobile app security testing try out Codified Security.