An Android banking trojan managed to infiltrate Google’s official Play Store a second time, potentially infecting thousands with financial data-stealing malware before it was kicked out again.
The BankBot malware first appeared in the Google Play store earlier this year, stealing victims’ banking information by presenting an overlay which looked identical to a bank’s app login page. The malicious apps were removed in April, but BankBot was once again discovered in the Play Store in early September.
This time the malware, uncovered by researchers at ESET, came hidden inside a functioning Android game called ‘Jewels Star Classic’. The app first appeared in the store on 26 August before an update on 4 September raised the alarm. By the time the app was removed from the store on 7 September, it could have been downloaded 5,000 times.
This version of BankBot is more sophisticated than its predecessor: it adds improved code obfuscation and a more sophisticated payload-dropping functionality, and it exploits Android’s Accessibility Service in a similar way to other forms of mobile banking malware.
Submitted by: Arnfried Walbrecht