A banking trojan dubbed Anubis became notorious among Android users late last year, when it was infecting devices through apps downloaded from the Google Play Store.
Just as legitimate developers ask for users’ consent, the malware would use the apps to request permission to use a device’s accessibility services and then keylog its way to stealing login credentials for banking apps, e-wallets and payment cards.
Reportedly, the trojan was activated by a vicious “dropper” with a “proven ability to infiltrate Google Play and plant malicious downloaders under the guise of benign-looking apps.”
The post further reports that the malware was pushed by a “dropper” known as BianLian that had been “masquerading as simple applications that are always in demand, such as currency/rates calculators, device cleaners and even discounter apps.”
Unfortunately for users, the applications that BianLian was hiding behind actually worked quite well and had even received surprisingly good ratings. Researchers also explained that the hackers chose the name BianLian on purpose, as a reference to the Chinese theatrical art of changing from one face to another almost instantaneously, and this led them to predict that “while still dropping Anubis, [BianLian] was on the way to becoming a full-blown banking trojan itself.”
After a long silence, it seems that Anubis is now back with the same agenda as before. This time, however, researchers have reported that the new and “improved” BianLian has turned into a sophisticated piece of malware that brings new techniques to the attack on banking apps: recording screens to steal credentials and locking out users to hide its activities, “rendering devices unusable.”
BianLian asks for permission to use the device’s accessibility services and immediately begins the attack. The malware then uses a screen recording module to record financial windows as users type in their login credentials, including passwords and card details. Throughout, a hidden communication channel is used to send the information to the attackers.
With the targeted banking apps already listed, there is no such thing as being too safe when it comes to malware. Fortinet’s Dario Durando reiterates the point: even though BianLian may seem to be under active development, the dangerous, updated functionality “puts it on a par with the other big players in the banking malware space.”
With mobile banking malware on the rise, and Kaspersky reporting that such attacks have almost tripled since last year, the burden still falls on Google and its ability to police the Play Store. And as much as the tech giant keeps reporting on its efforts to get rid of malicious apps, it seems this will be a never-ending battle.