ESET describes banking Trojans that masquerade as games


The BankBot mobile banking Trojan is being disguised as Google Play, antivirus company ESET said in a press release presenting the results of a joint study by experts from ESET, Avast and SfyLabs.

"In October and November 2017, ESET found new ways of spreading the BankBot mobile malware. The attackers placed apps on Google Play that were designed to covertly download the Trojan onto users' devices," the statement says.

It is specified that in the first stage of the hacking campaign, the flashlight apps Tornado FlashLight, Lamp For DarkNess and Sea FlashLight appeared on Google Play with malicious functionality, followed in the second stage by solitaire apps and memory-cleaning software.

After its first launch, the loader checks the programs installed on the device against a hard-coded list of 160 mobile banking applications and, on finding a match, requests device administrator rights. Two hours after those rights are activated, it starts downloading the BankBot mobile Trojan, whose installation package is disguised as a Google Play update.

It is noted that the download is possible only if the device is set to allow installation of apps from unknown sources; if this option is not enabled, an error message is displayed and the attack cannot continue. When the user opens a banking application after BankBot has been installed, the Trojan loads a fake login and password entry form. The data entered is sent to the cybercriminals and used to gain unauthorized access to the victim's bank account.

Experts recommend downloading apps only from Google Play, checking user reviews and app ratings, disabling the ability to install apps from unknown sources, paying attention to requests for device administrator rights or for activation of the accessibility service, and using reliable antivirus software.
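
The checks recommended above can be run over a device's app inventory. The following is an added example, not code from ESET or from the original article; the inventory format, its field names and the sample apps are constructed for illustration (for instance, as an export from a device-management tool).

```python
PLAY_INSTALLER = "com.android.vending"  # installer package name of the Google Play Store

# Constructed sample inventory; the field names are hypothetical.
SAMPLE_DEVICE = {
    "unknown_sources_enabled": True,
    "apps": [
        {"package": "com.example.flashlight", "label": "Bright FlashLight",
         "installer": PLAY_INSTALLER, "device_admin": True,
         "accessibility_service": False},
        {"package": "com.example.update", "label": "Google Play Update",
         "installer": None, "device_admin": False,
         "accessibility_service": True},
        {"package": "com.example.notes", "label": "Notes",
         "installer": PLAY_INSTALLER, "device_admin": False,
         "accessibility_service": False},
    ],
}


def audit_device(device):
    """Return (subject, finding) pairs for the risk signals the article lists."""
    findings = []
    # The second-stage download only works when sideloading is allowed.
    if device.get("unknown_sources_enabled"):
        findings.append(("device", "installation from unknown sources is enabled"))
    for app in device.get("apps", []):
        pkg = app["package"]
        sideloaded = app.get("installer") != PLAY_INSTALLER
        if sideloaded:
            findings.append((pkg, "not installed via Google Play"))
        # The Trojan's package is disguised as a Google Play update.
        if sideloaded and "google play" in app.get("label", "").lower():
            findings.append((pkg, "sideloaded package presents itself as Google Play"))
        # The loader asks for device administrator rights before the download.
        if app.get("device_admin"):
            findings.append((pkg, "holds device administrator rights"))
        if app.get("accessibility_service"):
            findings.append((pkg, "has an accessibility service enabled"))
    return findings


if __name__ == "__main__":
    for subject, finding in audit_device(SAMPLE_DEVICE):
        print(f"{subject}: {finding}")
```

A finding is a prompt for review, not a verdict: legitimate apps also hold device administrator rights or use accessibility services.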