BankBot Virus Infects 400 Apps and Steals your Credit Card Info

Android users should be aware of another piece of malware: BankBot, which aims to steal internet banking logins and personal bank card details.

The virus is believed to be targeting users in the UK and the US.

BankBot has been stealing information since 2008, when it is believed to have been created. A few months ago, several security experts expressed concern that the malware had infiltrated over 400 apps on the Google Play Store.

The malware works by infecting the smartphone and gaining administrative privileges, then removing the icon of the app it has infiltrated. This tricks users into thinking the app has been deleted when in fact it is still running in the background.

As well as tracking any SMS sent from the infected device, BankBot can collect private credit and debit card information. It does this by creating a fake card entry screen, tricking users into entering their card information themselves in the belief that the page is genuine. In this way they personally hand over their card number, CVC security number and address to cyber criminals.

In addition, the malware can create further fake screens that include the logos of leading banks and ask the victim to enter their internet banking logins, sending this sensitive information straight to cyber criminals.

Dr. Web, an anti-malware company based in Russia, recently revealed exactly how the malware works after discovering a fake version of Adobe Flash Player that contained the virus.

Once the victim enters their information, the data is sent to a hacker through a command-and-control (C&C) server.

Dr. Web found that the malware first attacked Android users in Turkey and later spread to dozens of countries, including the United Kingdom, America, Australia, Germany, France, and Poland.

The security company has also published images of what are believed to be the fake screens displayed on an infected smartphone. One showed that the malware used a fake screen with Google Play branding, and another featured a Santander logo. Both firms have been contacted for comment on the issue.

The Dr. Web blog post also claimed that the virus collects information about every app that is launched and the actions the user performs within it.

They said that the malware tracks available text fields, and logs keystrokes and similar components of the user interface. In addition, a version of BankBot can steal login credentials and other authentication information that users enter in any program or on any website when authorizing.

The virus takes a screenshot at every keystroke and so captures the sequence of the password's characters before they are hidden. All of these screenshots are then sent to the C&C server.

In April, security experts at Securify said they believed that hundreds of Google Play apps, around 400 of them, had been infected with the BankBot malware. The app in which the malware was originally discovered was called Funny Videos 2017. After receiving a report on the app, Google removed it from the Play Store.

The malware has been named Judy because a character known as Judy the chef can be found in the majority of the infected apps. It has been said that this malware campaign could possibly be the biggest malware campaign found on Google Play.