After Big Takedown Efforts, 20 More BankBot Mobile Malware Apps Make It Into Google Play
This post was co-authored with IBM X-Force's Shachar Gritzman
---
A
flashlight app, fake videos or a fake gaming app? Any one of those could be
malicious and harboring a mobile malware app, right there in a trusted official
app store. In an ongoing trend, IBM X-Force noted that malicious apps manage to
circumvent controls and infiltrate legitimate stores. And this is not about the
plethora of adware apps infecting users in the app stores, which has almost
become the norm, but rather that banking malware is now turning into somewhat
of a resident in Google Play.
BankBot
is one of the mobile banking Trojans that has taken to the Play store in the
past few months, managing to get through in the guise of widgets and benign
apps. After the discovery and takedown of these apps — hundreds of them, to be
exact — it seems that BankBot still finds ways to get in and infect unwitting
users.
In a
recent discovery, IBM X-Force mobile researchers identified at least 20
different malicious Android apps that made it into Google’s Play store
delivering BankBot.
Landing
a place in official app stores is both effective and profitable for cybercriminals
who operate mobile malware. For one, they do not have to invest in the
distribution of the malware. They can save on costs associated with spam lists,
SMS messaging or sending mass emails, not knowing who would eventually click
and bother fetching the app from a third-party store — provided they’ve already
enabled side-loading. It’s a longer shot.
Second,
malicious apps will get all that much more exposure in an official store, where
hundreds of millions of people search for apps daily. Botnets are always a
numbers game. Beyond sheer traffic, malware that makes it into the official
stores enjoys the trust factor that comes with downloading an app from a
legitimate source, likely leading to more app permissions being granted to
malicious applications.
A Dangerous, Rising Trend
Bad
Android apps making it into the official app store is not new by any means. It
appears that criminals manage to find their way into legitimate stores,
concealing their malware or including it in app updates that comes later on.
The
rising trend is this: While adware and other nuisance apps have been making in
into official app stores for the past few years, now we are seeing banking
malware increasingly showing up in those trusted download sources. This trend
is extremely problematic because it introduces an entirely different threat
level to the users of official stores, making them download a mobile banking
Trojan, which can inevitably lead to a significant rise in fraudulent financial
activity in the weeks and months following the installation.
Read
more of this post here.
Comments
Post a Comment