Knowledge is power in fighting new Android attack bot

Register now

Android users and apps have become a major part of payments and financial services, carrying an increased risk for web crime.

It is estimated that there are 107.7 million Android Smartphone users in the U.S. who have downloaded more than 65 million apps from the Google App Store, and each one of them represents a smorgasbord of opportunity for hackers to steal user credentials and other information.

This ample target is driving cyber criminals to continuously innovate malware and distribute it in ingenious ways. The latest malware called Android.BankBot has been cooked up using leaked banking malware source code, which was then transformed into an even more dangerous Trojan.

The Android.BankBot Trojan disguises itself as various Google programs with the Play Store icon fooling even savvy users into thinking that it is legitimate.

Once downloaded, the app then asks for administrative permissions which most consumers click on to approve without a second thought. With permissions granted, the app covers its tracks by deleting the icon from the display screen.

It also tries to connect with the command and control server to obtain account login credentials. When the door is successfully unlocked, the app automatically looks for banking or payment credentials that might be stored in places like the Google Play Store, Uber, or Facebook etc. As added self-protection, the malware is able to divert any incoming SMS texts from the card issuer or bank which would otherwise let the user know that their device has been hacked.

The result could be an empty account. Companies that have Android users should communicate the following preventative measures for protection: Never download financial applications from non-App Store sources; turn off “Unknown Sources” in settings security on Android devices. Turning this feature off will disallow downloads from sources that are not known

Cybercriminals have made interfaces that are so realistic they fool even the savviest user, so while an application may look and act like it’s coming from a reputable App Store, turning off this functionality can prevent a costly mistake. Users should also conduct regular checks on your Android device to see what applications have Device Administrator rights activated.

Viruses and malware are like spices -- every day a new flavour or combination is being created by someone, somewhere Proper communication on how devices work and what resides on devices will help to avoid many of the risks associated with these spicy (and dangerous) malware combinations as they evolve over time.

For reprint and licensing requests for this article, click here.
Mobile payments Apps Cyber attacks ISO and agent