Fake Adobe Flash Player App Infects Android Devices with Banking Malware

IT security researchers at Russia based Dr. Web cybersecurity firm have discovered a fake Adobe Flash Player infected with BankingBot malware known for stealing banking and personal data of Android users.

“BankingBot” was first spotted in April 2008 but about three months ago it was found infecting over 400 apps on Google Play Store. Once it infects a targeted device, it gains administrative privileges before removing the icon of the app, tricking the user into believing that the app has been deleted.

In reality, however, the app continues to work in the background. Furthermore, the malware spies on SMS sent by the user, collect sensitive information such as credit card numbers, CVC number, its expiration date and user’s home address. It is also able to collect device specs such as a list of installed apps, OS version, IMEI, and phone model and send it to the hacker.

That’s not all; the malware is designed to display fake screens disguised as banking apps. As soon as the app gets what it wants, the credentials are then passed on to the hacker through a control and command (C&C) server. It also tracks available text fields, such as menu elements, and logs keystrokes and other components of the user interface.

According to Dr.Web’s blog post, BankBot is targeting users in Australia, Turkey, Germany, Poland, France, the United Kingdom, and the USA. Also, there are several other apps infected with the malware. Here is a screen the researcher shared which shows the fake Adobe Flash App and how it make changes on an infected device.

As mentioned at the start, the BankingBot was first discovered in 2008, and it could be coincident that back then the malware was also spotted targeting users through a fake Adobe Flash Player App.