After Big Takedown Efforts, 20 More BankBot Mobile Malware Apps Make It Into Google Play

This post was co-authored with IBM X-Force's Shachar Gritzman
---

A flashlight app, fake videos or a fake gaming app? Any one of those could be malicious and harboring a mobile malware app, right there in a trusted official app store. In an ongoing trend, IBM X-Force noted that malicious apps manage to circumvent controls and infiltrate legitimate stores. And this is not about the plethora of adware apps infecting users in the app stores, which has almost become the norm, but rather that banking malware is now turning into somewhat of a resident in Google Play.

BankBot is one of the mobile banking Trojans that has taken to the Play store in the past few months, managing to get through in the guise of widgets and benign apps. After the discovery and takedown of these apps — hundreds of them, to be exact — it seems that BankBot still finds ways to get in and infect unwitting users.

In a recent discovery, IBM X-Force mobile researchers identified at least 20 different malicious Android apps that made it into Google’s Play store delivering BankBot.

Landing a place in official app stores is both effective and profitable for cybercriminals who operate mobile malware. For one, they do not have to invest in the distribution of the malware. They can save on costs associated with spam lists, SMS messaging or sending mass emails, all of which go out without knowing who will eventually click and bother fetching the app from a third-party store — provided they’ve already enabled side-loading. That route is a longer shot.

Second, malicious apps will get all that much more exposure in an official store, where hundreds of millions of people search for apps daily. Botnets are always a numbers game. Beyond sheer traffic, malware that makes it into the official stores enjoys the trust factor that comes with downloading an app from a legitimate source, likely leading to more app permissions being granted to malicious applications.

A Dangerous, Rising Trend


Bad Android apps making it into the official app store is not new by any means. It appears that criminals manage to find their way into legitimate stores, concealing their malware or including it in app updates that come later on.

The rising trend is this: While adware and other nuisance apps have been making it into official app stores for the past few years, now we are seeing banking malware increasingly showing up in those trusted download sources. This trend is extremely problematic because it introduces an entirely different threat level to the users of official stores, making them download a mobile banking Trojan, which can inevitably lead to a significant rise in fraudulent financial activity in the weeks and months following the installation.
