Are you using an Android device? Caution! Security researchers warn that the source code of an Android banking malware is posted online, along with information on how to use it by anyone.
Which means that Android users will soon face a growing number of attacks.
The security company Dr. Web discovered that the source code of an Android was leaked banking malware, adding that it can be distributed as a popular app or injected into APK files available online or in third-party stores.
Malware is recognized as Android.BankBot.149.origin and tries to get administrator rights. Once you have full rights, malware removes the app icon from the home screen, trying to fool users into believing it was removed.
On the other hand, it remains active in the background, and connects to an administration server and control waiting for orders. It can perform a bunch of functions such as sending and receiving SMS messages, stealing contacts, locating devices, making calls, displaying phishing dialogs, and stealing sensitive information such as banking and credit card details.
“Like many other Android banking malware, Android.BankBot.149.origin steals confidential user information by monitoring online banking applications and payment system software. A sample examined by security researchers at Dr. Web checks over three dozen such programs. Once Android.BankBot.149.origin detects that any of the aforementioned applications works, it loads the associated phishing login screen to intercept the user's bank account credentials and password,” the company says.
Phishing logon screens are available for many popular applications including Facebook, Instagram, WhatsApp and YouTube. For the Google Play Store, the malware displays a phishing dialog similar to the one you see when making purchases on Google Play, asking for your credit card information.
In addition, it can intercept text messages, send them to the attacker, and then delete them from the phone, which is particularly dangerous in the case of notifications by the bank.
So be careful when downloading and installing APK files from third-party stores or through "friends."
