New Banking Malware For Android Masquerades As Useful Apps


Malware: Security company ThreatFabric has identified a whole range of cybercrime in progress for Android tablets and smartphones. The scam format steals the user’s bank details from a very elaborate strategy, adapted even against new Google security restrictions.

The initial tactic of snaring victims is nothing new: malware gets approval from the Google Play Store by disguising itself as traditional apps such as QR Code readers, fitness aids and camera filters.

Even fake websites and reviews are added to create an environment of veracity — and apps are launched not in batches, but without a defined frequency or location, making it even more difficult to track a scam in progress.

The beginning of everything

The malware activation moment happens when the app is properly installed and manages to establish a connection with an external server, maintained by criminals. At this point, the fake tool asks for a series of accesses to Android resources, including photos, files and media.

By authorizing this type of command, which can be disguised as an improvement or update to the fake app, the user releases the malware’s data collection. More than 300,000 downloads were identified in four months for apps that apply this scam, with some of the services being downloaded more than 50,000 times.

Google has already banned the apps identified by ThreatFabric and has been working to reduce the effectiveness of this type of scam, including always giving the user the power to release permissions to what is installed on the mobile. However, this type of crime remains on the rise and seems increasingly adapted to remain active on the platform.