An Android banking trojan has returned with improvements that allow it to record the screens of infected devices, along with new techniques that help the malware remain hidden from victims.
First detailed by cybersecurity researchers at ThreatFabric in October last year, BianLian started life as a dropper for other forms of malware, most notably the Anubis banking malware, which has stolen funds from thousands of Android users around the globe.
But the cybercriminals behind BianLian soon changed their tactics, altering the code and re-purposing the malware into a banking trojan in its own right – repeatedly bypassing protections in the official Google Play app store as a means of distributing their malicious payload.
The new version of BianLian adds a screencast module that lets the malware record the screen of the device, functionality that could allow attackers to monitor and store what’s viewed by the user. That is a good way of secretly stealing usernames, passwords and other confidential information that could give attackers access to the payment data they want to steal.
In addition to the screen-recording ability, the new version of BianLian is equipped with a means of obfuscation that involves what researchers describe as “randomly generated garbage” in the code base.
The thinking behind this appears to be that the true functionality of the malware will be lost amongst all the code.
Submitted by: Arnfried Walbrecht