• Hacking News
    • Leaks
    • WikiLeaks
    • Anonymous
  • Tech
    • Android
    • Apple News
    • BlackBerry
    • Google News
    • Microsoft
    • Motorola
    • Nokia
    • Samsung
    • 3D
  • Cyber Crime
    • Phishing Scam
  • How To
  • Cyber Events
    • Censorship
    • Cyber Attacks
  • Security
    • Malware
  • Surveillance
    • Drones
    • NSA
    • Privacy
  • Explore
    • Gaming
    • Science
    • Viral
HackRead
  • December 15th, 2019
  • Home
  • About Us
  • Team
  • Advertise
  • Submit News
  • Privacy Policy
  • Contact Us
HackRead
  • Hacking News
    • Leaks
    • WikiLeaks
    • Anonymous
  • Tech
    • Android
    • Apple News
    • BlackBerry
    • Google News
    • Microsoft
    • Motorola
    • Nokia
    • Samsung
    • 3D
  • Cyber Crime
    • Phishing Scam
  • How To
  • Cyber Events
    • Censorship
    • Cyber Attacks
  • Security
    • Malware
  • Surveillance
    • Drones
    • NSA
    • Privacy
  • Explore
    • Gaming
    • Science
    • Viral
  • Follow us
    • Facebook
    • Twitter
    • Google+
    • Linkedin
    • Youtube
Home » Security » Google just can not get rid of BankBot malware from Play Store

Google just can not get rid of BankBot malware from Play Store

November 9th, 2017 Waqas Android, Malware, Security 0 comments
Google just can not get rid of BankBot malware from Play Store
Share on FacebookShare on Twitter

Google is trying its best to “make Chrome secure again,” but when it comes to Play Store and protecting Android devices, the tech giant is failing miserably. Although there are a couple of Android bug bounty programmes offering a lucrative amount of money, the marketplace just can’t get rid of malware, in fact, the old ones keep coming back.

BankBot (BankingBot) Malware

IT security researchers at RiskIQ have discovered a dangerous and widespread malware often used by cybercriminals to steal banking information from Android users. Dubbed BankBot (also known as BankingBot), this is the fourth time that researchers have discovered this malware targeting users. Meaning, Google just can’t get rid of BankBot.

[q]Crypto Currencies Market Prices app belongs to BankBot malware family[/q]

This time, researchers discovered BankBot in an app called “Cryptocurrencies Market Prices” claiming to provide up to date price for cryptocurrencies. But the real price was paid by those who downloaded the app from app store and got their banking data stolen. Researchers also noted that despite being malicious, it still got a shiny “verified by Play Protect” tag on it. Google Play Protect is supposed to check apps and device for harmful behavior. However, in BankBot’s case, it acted otherwise.

Google just can not get rid of BankBot malware from Play Store

Malware infected app verified by Play Protect | Image: RiskIQ

“The app itself is a bundled application as described in the ‘Detection’ section of this document. It is a combination of a legitimate functionality—comparing actual cryptocurrency market prices with global Fiat money—and a Bankbot instance,” researchers noted.

What BankBot Does and Steal

As obvious by its name, the BankBot is developed to steal banking data from an Android device such as credit card number and other payment-related information. Once installed, it also conducts phishing attacks to show fake version of banking apps and gain administrative privileges before removing the icon of the app, tricking the user into believing that the app has been deleted.

In reality, however, the app continues to work in the background. Furthermore, the malware spies on SMS sent by the user, collects sensitive information such as credit card numbers, CVC number, its expiration date and user’s home address. It is also able to collect device specs such as a list of installed apps, OS version, IMEI, and phone model and send it to the hacker.

That’s not all; the malware is designed to display fake screens disguised as banking apps. As soon as the app gets what it wants, the credentials are then passed on to the hacker through a control and command (C&C) server. It also tracks available text fields, such as menu elements, and logs keystrokes and other components of the user interface.

So What’s Next?

After RiskIQ’s findings were sent to Google it removed the app from PlayStore but the question remains why Google didn’t find the app before researchers and how did it get the “Verified” tag while it was a malware-infected app.

History of BankBot

Discovered back in 2008, the BankBot banking malware was caught infecting Android devices through malicious apps on PlayStore in 2014. It aimed at stealing credit card and personal data of unsuspecting users. Once exposed, the infected apps were booted off by Google from its marketplace.

In April this year, BankBot infected 400 apps on Google Play Store. One of the infected apps was Funny Videos 2017 that was downloaded 5,000 times by unsuspecting users. Upon reporting, Google deleted all the infected apps.

In July 2017, BankBot malware was again caught on Play Store disguising as fake Adobe Flash Player app aiming at stealing banking information of Android users. The app was removed once security researchers informed Google.

Stay Safe Online

Android is one of the most vulnerable smartphone operating systems, and that’s not surprising since the case mentioned above explains it all. HackRead advises Android users to avoid downloading unnecessary apps from third-party and Play Store, keep an eye on their banking transactions and use a reliable mobile security product.

[fullsquaread][/fullsquaread]

  • Tags
  • Android
  • Banking
  • Cryptocurrency
  • Cyber Crime
  • internet
  • Malware
  • Privacy
  • Scam
  • security
  • Smartphone
Facebook Twitter Google+ LinkedIn Pinterest
Previous article Google Chrome will automatically block forced website redirects
Next article WikiLeaks' Vault 8 Leaks Show CIA Impersonated Kaspersky Lab
Waqas

Waqas

I am a UK-based cybersecurity journalist with a passion for covering the latest happenings in cyber security and tech world. I am also into gaming, reading and investigative journalism.

Related Posts
How to identify malware on your phone with these 7 signs

How to identify malware on your phone with these 7 signs

"The Smartest Lock Ever” KeyWe is Vulnerable to Hacking

"The Smartest Lock Ever” KeyWe is Vulnerable to Hacking

Plundervolt: A new attack on Intel processors threatening SGX data

Plundervolt: A new attack on Intel processors threatening SGX data

Newsletter

Get the best stories straight into your inbox!



Don’t worry, we don’t spam

LATEST POSTS
Popular forms of cybercrime you should be aware of
Cyber Crime

Popular forms of cybercrime you should be aware of

498
70% of the entire US population is now on Facebook
Technology News

70% of the entire US population is now on Facebook

333
Hundreds of counterfeit branded shoe stores hacked with web skimmer
Cyber Crime

Hundreds of counterfeit branded shoe stores hacked with web skimmer

313
NGINX office in Moscow raided by police
Cyber Events

NGINX office in Moscow raided by police

1382

HACKREAD is a News Platform that centers on InfoSec, Cyber Crime, Privacy, Surveillance and Hacking News with full-scale reviews on Social Media Platforms & Technology trends. Founded in 2011, HackRead is based in the United Kingdom.

Follow us