Security researchers warn that the source code of an Android banking malware has been posted online, along with some information on how it should be used. This means that users of Android devices are likely to face a hike in the number of attacks very soon.
The security firm Dr. Web revealed that it has already found one piece of malware developed with this leaked source code, adding that it is distributed as popular applications, injected directly into APKs available online.
The malware was flagged as Android.BankBot.149.origin, and it tries to obtain administrator privileges on the compromised devices. Once it is granted full privileges, the malware removes the app's icon from the home screen, tricking people into believing it was actually removed.
In reality, it remains active in the background and connects to a command and control server to await commands. It can perform a wide range of tasks, such as sending and intercepting SMS messages, tracking devices, stealing contacts, showing phishing dialogs, making calls, and stealing sensitive information such as banking details.
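The behaviours listed above (administrator rights, a hidden icon, SMS, contacts and call access) can be turned into a simple triage rule for an inventory of installed apps. The following is an added example, not code from Dr. Web or from the malware; the inventory format, the package names, the weights and the threshold are all assumptions made for illustration.

```python
# Added example: the inventory format and every package name are constructed.
SMS_PERMS = {"android.permission.RECEIVE_SMS", "android.permission.SEND_SMS"}
OTHER_PERMS = {
    "android.permission.READ_CONTACTS": "can read contacts",
    "android.permission.CALL_PHONE": "can place calls",
    "android.permission.ACCESS_FINE_LOCATION": "can track the device",
}
TRUSTED_INSTALLERS = {"com.android.vending"}  # Google Play Store
THRESHOLD = 6  # assumed cut-off for manual review

def triage(app):
    """Score one app record; return (score, reasons)."""
    perms = set(app.get("permissions", []))
    admin = bool(app.get("device_admin"))
    hidden = not app.get("launcher_icon", True)
    checks = [
        (admin, 3, "holds device administrator rights"),
        (hidden, 2, "has no launcher icon"),
        (admin and hidden, 2, "administrator app that hides itself"),
        (SMS_PERMS <= perms, 2, "can both send and intercept SMS"),
        (app.get("installer") not in TRUSTED_INSTALLERS, 1,
         "not installed from a trusted store"),
    ]
    checks += [(p in perms, 1, why) for p, why in OTHER_PERMS.items()]
    hits = [(pts, why) for ok, pts, why in checks if ok]
    return sum(pts for pts, _ in hits), [why for _, why in hits]

def flagged(inventory):
    """Package names at or above THRESHOLD, highest score first."""
    scored = [(triage(a)[0], a["package"]) for a in inventory]
    return [pkg for s, pkg in sorted(scored, reverse=True) if s >= THRESHOLD]

P = "android.permission."
INVENTORY = [  # constructed sample records
    {"package": "com.example.player.repack", "device_admin": True,
     "launcher_icon": False, "installer": None,
     "permissions": [P + "RECEIVE_SMS", P + "SEND_SMS",
                     P + "READ_CONTACTS", P + "CALL_PHONE"]},
    {"package": "com.example.mdm", "device_admin": True, "launcher_icon": True,
     "installer": "com.android.vending",
     "permissions": [P + "ACCESS_FINE_LOCATION"]},
    {"package": "com.example.sms", "device_admin": False, "launcher_icon": True,
     "installer": "com.android.vending",
     "permissions": [P + "RECEIVE_SMS", P + "SEND_SMS", P + "READ_CONTACTS"]},
]
```

Only the first record is flagged: a legitimate management agent or messaging app matches one signal, while the combination of administrator rights, a missing icon and SMS access is what stands out.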
“Like many other Android bankers, Android.BankBot.149.origin steals confidential user information by tracking the launch of online banking applications and payment system software. One sample examined by Doctor Web security researchers controls over three dozen such programs. Once Android.BankBot.149.origin detects that any of the aforementioned applications have been launched, it loads the relevant phishing input form to access user bank account login and password information and displays it on top of the attacked application,” the firm explains.
When a popular application is launched, including Instagram, WhatsApp, Facebook, YouTube, and even the Google Play Store, the malware displays a phishing dialog similar to the one that shows up when you make purchases on Google Play, asking for your credit card information.
Beware of such malware. It doesn’t hurt to be wise.