November 1, 2018 By Shane Schick 2 min read

Nearly 30,000 Android users accidentally downloaded banking malware after being tricked by personalized phishing forms based on the apps they use.

Google removed 29 malicious apps from its Play Store after learning about the threat, according to a report from ESET. Although the apps were attributed to different developers, the researchers discovered enough common code to suggest that they were all created by the same malware author or threat group.

The malware enables the attackers to send and receive text messages on infected Android devices, which allows them to get past multifactor authentication (MFA) protocols that might otherwise have protected the user’s banking data. The malware can also impersonate software from victims’ financial institutions and download additional apps to compromised devices.

A Unique Approach to Distributing Banking Malware

Creating phony versions of banking sites is one of the oldest phishing schemes in the book, but these attackers took a more subtle approach. They scanned the other, legitimate apps on the device, grabbed some HTML code and used it to create a tailor-made form to fool victims with bogus error messages.

Some victims received a notification that their app was no longer compatible with their device and had been removed, for instance. Meanwhile, the attackers used a dropper to check for sandboxes and emulators. If they didn’t find any, a loader was decrypted with a payload containing the banking malware.

The 29 malicious apps included popular utilities such as battery managers, device boosters and cleaners, the researchers noted. Others, such as phony horoscope apps, targeted users seeking casual entertainment.

The Case For Client-Based Fraud Detection

People tend to be pretty fast on their smartphones, which means there may not be a lot of time between the moment a user downloads an app with a banking Trojan and when the payload is executed.

IBM experts recommend investing in client-side fraud detection to close this gap, along with technology that can identify malicious apps as early as possible. Given how easily cybercriminals can not only replicate banking sites but create a one-to-one approach with personalized forms, organizations will need to be ready to adapt to new phishing techniques faster than ever.

Source: ESET

More from

How to calculate your AI-powered cybersecurity’s ROI

4 min read - Imagine this scenario: A sophisticated, malicious phishing campaign targets a large financial institution. The attackers use emails generated by artificial intelligence (AI) that closely mimic the company's internal communications. The emails contain malicious links designed to steal employee credentials, which the attackers could use to gain access to company assets and data for unknown purposes.The organization's AI-powered cybersecurity solution, which continuously monitors network traffic and user behavior, detects several anomalies associated with the attack, blocks access to the suspicious domains…

Being a good CLR host – Modernizing offensive .NET tradecraft

14 min read - The modern red team is defined by its ability to compromise endpoints and take actions to complete objectives. To achieve the former, many teams implement their own custom command-and-control (C2) or use an open-source option. For the latter, there is a constant stream of post-exploitation tooling being released that takes advantage of various features in Windows, Active Directory and third-party applications. The execution mechanism for this tooling has, for the last several years, relied heavily on executing .NET assemblies in…

The current state of ransomware: Weaponizing disclosure rules and more

4 min read - As we near the end of 2024, ransomware remains a dominant and evolving threat against any organization. Cyber criminals are more sophisticated and creative than ever. They integrate new technologies, leverage geopolitical tensions and even use legal regulations to their advantage.What once seemed like a disruptive but relatively straightforward crime has evolved into a multi-layered, global challenge that continues to threaten businesses and governments alike.Let’s take a look at the state of ransomware today. We’ll focus on how cyber criminals…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today