Security researchers have discovered malware on Google Play

Security researchers from Zscaler and Securify have discovered Android malware in an app on Google Play titled “Earn Real Money Gift Cards.” The application conceals a variant of the Android banking Trojan BankBot, whose source code was published online in 2016.

The author of the application hiding BankBot also developed another application available on Google Play, a game called “Bubble Shooter Wild Life.” The game actually works, but it also includes functionality that turns it into a malware downloader.

According to Zscaler:
“The name of app is ‘Earn Real Money Gift cards’ (package name: com.moneygift.real.app), and we confirmed it as a variant of a widely known BankBot malware family. As we extended our investigation to the author of this app, we came across a second app uploaded by the same author, entitled ‘Bubble Shooter Wild Life’ (package name: com.bubblesooter.wildlife). The payload, however, was not a BankBot; it turned out to be a downloader Trojan that is abusing the Google Play Accessibility Service.”

Analysis of the code, which the author protected with the Allatori Obfuscator, shows that the app first requests permission to draw over other applications. It then waits 20 minutes before starting its malicious processes, which is likely how it managed to bypass Google’s Bouncer security system.

“We have previously identified numerous instances of malicious apps hiding on Google Play and leveraging techniques like time delays and code obfuscation. However, this app’s abuse of the Google Accessibility service to install additional payloads without user’s permission is unique.”
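For app vetting, the two capabilities described above (drawing over other apps and running an accessibility service) can be checked statically in a decoded AndroidManifest.xml. The Python below is an added example, not code from Zscaler, Securify or this post; the manifests and package names in it are constructed, and a manifest check cannot see the 20-minute delay, which only shows up at run time.

```python
import xml.etree.ElementTree as ET

# Attribute names in a decoded manifest carry the Android XML namespace.
A = "{http://schemas.android.com/apk/res/android}"
OVERLAY = "android.permission.SYSTEM_ALERT_WINDOW"          # draw over other apps
BIND_A11Y = "android.permission.BIND_ACCESSIBILITY_SERVICE"
A11Y_ACTION = "android.accessibilityservice.AccessibilityService"

def triage_manifest(xml_text):
    """Flag a decoded (text) AndroidManifest.xml that pairs the overlay
    permission with a declared accessibility service."""
    root = ET.fromstring(xml_text.strip())
    perms = {e.get(A + "name") for e in root.iter("uses-permission")}
    a11y_services = []
    for svc in root.iter("service"):
        actions = {a.get(A + "name") for a in svc.iter("action")}
        if svc.get(A + "permission") == BIND_A11Y and A11Y_ACTION in actions:
            a11y_services.append(svc.get(A + "name"))
    overlay = OVERLAY in perms
    return {
        "package": root.get("package"),
        "overlay_permission": overlay,
        "accessibility_services": a11y_services,
        # Either capability alone is common; the pair warrants manual review.
        "review": overlay and bool(a11y_services),
    }

NS = 'xmlns:android="http://schemas.android.com/apk/res/android"'

# Constructed sample: a game that asks for both capabilities.
SUSPECT_MANIFEST = f"""
<manifest {NS} package="com.example.bubblegame">
  <uses-permission android:name="{OVERLAY}"/>
  <application>
    <service android:name=".HelperService" android:permission="{BIND_A11Y}">
      <intent-filter><action android:name="{A11Y_ACTION}"/></intent-filter>
    </service>
  </application>
</manifest>"""

# Constructed sample: overlay permission only, no accessibility service.
BENIGN_MANIFEST = f"""
<manifest {NS} package="com.example.chatheads">
  <uses-permission android:name="{OVERLAY}"/>
  <application><service android:name=".SyncService"/></application>
</manifest>"""

if __name__ == "__main__":
    for sample in (SUSPECT_MANIFEST, BENIGN_MANIFEST):
        print(triage_manifest(sample))
```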
