A new malware has been spotted in the wild targeting Google Play Store apps. Security researchers have dubbed it “BankBot”, and it was first spotted in April 2008. So far at least 400 Google Play Store apps have been compromised.
The origin of BankBot: According to the security experts at Securify, the malware seems to be linked to a Google Play Store app called “Funny videos 2017”, and the users who downloaded this app were affected. Some security experts believe that the malware was introduced into the app with the latest April 8 update. However, this is only a professional guess.
The app had over 5000 downloads before it was taken down, and the Bot was trying to steal the banking credentials of those users.
The attacking mechanism: Once downloaded, the malware tricks users into granting it administrative privileges and then removes the app's icon, letting the user think that the app has been deleted. In reality, however, the app continues to work in the background! That’s not all; the bot is designed to display fake screens disguised as banking apps, encouraging users to enter credit card information and other login credentials. As soon as the app gets what it wants, the credentials are passed on to the hacker through a command and control (C&C) server.
Affected apps: The mastermind behind this malware used DexProtector to ensure that security researchers couldn’t get their hands on the affected apps. To get the list of targeted apps, researchers have to get past the protections created by DexProtector, obtain the server data and run the program, which isn’t an easy thing to do. While the list of affected apps hasn’t been retrieved yet, security experts believe that the malware is targeting ABN, ASN, Regiobank, Binck and several other apps.
The list of all targeted apps is available on Securify’s blog.
Word of advice: This is not the first time that a botnet has been spotted targeting users, and it surely won’t be the last! So, here’s what you need to do. Be extra careful when installing a new app and never let an app gain admin privileges on your device. Also, only download apps from trusted sources!