BankBot Malware Hits Google Store Once More

BankBot Malware Hits Google Store Once More

In our past articles on online security, we’ve warned you against downloading software from unauthorized sources. But, it turns out that even the app stores cannot be 100% safe nowadays. The Bankbot malware hit the Google Play Store once again.

It started spreading from Turkey at the beginning of this year, but now the USA and UK are also under attack.

The malicious Trojan, the Android.BankBot.149.origin, belongs to the family of viruses which copy the authentic bank payment screen (hence, it’s nickname). Since its first appearance in 2008, expert had declared it dead; however, they were mistaken. The BankBot has made a comeback.

Unfortunately, malware that steals bank account details will always be around. And obviously, the apps stores and online services will probably always be their hunting grounds.

The Android.BankBot.149.origin is extremely malicious. It stays on your Android device even if you’ve deleted the infected app (and if you have antivirus installed, you’ll be informed about the infected file immediately). On installation of the infected application, the trojan asks for administrator privileges. Once those are granted, it deletes the icon and starts monitoring any keyboard activity as well as the text windows content: SMS, chats, whatever. Then the bot imitates the payment screen when you buy something from the game or shop on-line. The same goes for internet banking login screens, PayPal, and others. Unfortunately, there’s no way to check to see if the screen is genuine on your end. And by thinking that your data’s safe, you actually end up hand delivering your credit card number, CVC and password to the culprits.

List of the Apps Monitored

The malware doesn’t slow the device down. It almost always sleeps, only springing up to life when a payable application is brought up. The list of the applications monitored includes:

• WhatsApp
• Play Store
• Messenger
• Facebook
• WeChat
• Youtube
• Uber
• Viber
• Snapchat
• Instagram
• Imo
• Twitter

Malware Scanning the System

Bankbot has the ability to turn off vibration and sound for you to remain ignorant about the incoming SMS, and can delete the text to replace it with the bogus one. Moreover, the malware is very cautious and scans the system for the antivirus software from the list below.

• Anti-virus Dr.Web Light
• CM Security AppLock AntiVirus
• Kaspersky Antivirus & Security
• ESET Mobile Security & Antivirus
• Avast Mobile Security & Antivirus
• Clean Master (Boost&Antivirus)
• 360 Security – Antivirus
• AVG AntiVirus FREE for Android
• Antivirus Free – Virus Cleaner
• Super Cleaner – Antivirus
• AndroHelm AntiVirus Android 2017
• TrustGo Antivirus & Mobile Security
• Sophos Free Antivirus and Security

Then, it tries to fake the info the security software sends to its server. Still, the experts of the leading antivirus companies have spotted the malware behavior and have come up with a solution.

How to get rid of Android.BankBot.149.origin

1. Check if you have an antivirus aboard.
2. Go to the antivirus official site and check if there are any updates concerning the malware in question. If you haven’t got any antivirus at all – install it! (It’s a good time to start using protection anyway).
3. Run the full scan of your system and follow the recommendations.
4. Repeat every two or three days.
5. Or, turn the pro-active protection on; if your antivirus features it.

And again, Google leaves us wondering what the heck is going on with their own security.

Perhaps, they should tweak their entry regulations or something, since allowing this to be downloaded is unacceptable. Look at the Apple Store! Cracking down on the smallest break of the rules can actually pay off!