Image courtesy of SecurityLab.ru. Yes, it’s Russian.
“The Google Play store once again has been invaded with apps carrying BankBot.” The article, written by Bradley Barth for SC Magazine, starts off on a strong note. What catches my attention is the short phrase “once again.” That, however, is for another time. BankBots are on the rise again, and they have spread to 160 apps across 27 different countries, according to Barth.
“What is BankBot,” an article on The Merkle, describes BankBots as “Android Banking Trojans.” BankBot is a malicious campaign with an intent to attack us through convenience: banking apps. There was once a time when the biggest threat to banks was physical robberies and stock market crashes. Nowadays, the Internet of Things is the biggest perpetrator of bank attacks.
With the shift towards total digital domination of our lives, banks have followed suit by developing downloadable apps for ease-of-access banking. Of course, these banks require legitimate credentials for use. BankBots take advantage of this fact, as well as of consumers' lack of attention, by way of imitation apps that somehow evade all Google Play Store legitimacy checks.
So, how easy is it to get into BankBotting? Buntinx of The Merkle feels as though anyone can get started in the business of malicious banking. Many well-known hacking forums (remaining unnamed for obvious reasons) have multiple easy-to-follow, step-by-step, baby’s-first-BankBot tutorials that anyone can follow, free of charge. Because of this, there isn’t just one type of BankBot; people are taking the base design and creating personalized copies that range in complexity and scope of attacks.
In April, May, and June of 2017, 62 separate long-term BankBot campaigns were discovered and shut down. This was only the first wave of mass-BankBotting. BankBots were found to be the first malicious banking Trojans able to work their way into many high-security banks, work internationally, bypass Play Store vetting, and communicate with web-based backends. These Trojans can also hijack and intercept SMS messages. Well-known banking Trojans like Zeus and EDA2 are beginning to find themselves overshadowed by the abilities of the BankBot campaign.
This campaign only affects Android users using third-party or non-major banking apps. The only way to protect your banking credentials is to use trusted apps and websites (or just stick to iOS).
-Ryan W. Moore, 21 September 2017