What is BankBot?

Android users may have noticed how there is a sudden surge in banking malware on the platform all of a sudden. In fact, these problems date back to December of 2016. It turns out the surge of BankBot malware can all be attributed to one person posting a tutorial on how to build Android malware. It is evident criminals want to share their expertise, which does not bode well for the rest of the world.

What on Earth is BankBot Malware?

It is quite interesting to see how one person is responsible for a lot of banking malware issues affecting Android users around the world. As it turns out, the tutorial to build Android malware dates back to December 2016. It is also a very easy tutorial, which takes interested parties by the hand, and explains everything one needs to know in detail. With this guide, anyone in the world is more than capable of creating a basic Android banking Trojan. It turns out this was all made possible thanks to BankBot.

More specifically, one can put BankBot on the same level as other major banking Trojans, such as ZeuS and EDA2. However, BankBot was a unique type of banking malware, which also served as the basis for a lot of future creations making use of the same features. BankBot is capable of communicating with a web-based backend, which is a rather common feat in the world of malware these days.

Once the BankBot tutorial was released on a well-known hacking forum, it only took about a month until different versions of it started popping up. In the first wave of attacks, the malware mainly targeted Russian banks. This was considered quite a troublesome development, as no malware has been capable of infiltrating those banks. Interestingly enough, this first version was not distributed through the Google Play Store, but mainly focused on third-party APK download sites. Luckily, these campaigns were detected and shut down relatively quickly.

One would expect such a big setback to spell the end of BankBot, but that is not the case by any means. Instead, the past three months have seen a new surge of activity where this malware is concerned. The tutorial on creating Android banking malware has made its way to other forums frequented by cybercriminals as of late. So far, there have been 62 different BankBot campaigns, with most of them taking place over the past three months.

What is even more troublesome is how the BankBot banking Trojan successfully evades security checks implemented by the Google Play Store. A lot of the current distribution campaigns originate from the applications listed in the Google Play Store. That is very disturbing, to say the least. It turns out the malware developers are getting better at obfuscating the malware’s code. Google’s automatic malware scanners are incapable of detecting BankBot right now, although that situation may be resolved sooner rather than later.

It is evident BankBot is causing a lot of headaches among Android users around the world. Android malware is a very big problem, Current iterations of BankBot can display overlays on top of applications, intercept text messages, and even steal credentials from applications. Considering how the original tutorial can still be found on the darknet, it is not unlikely we will see more BankBot campaigns over the coming months.

If you liked this article, follow us on Twitter @themerklenews and make sure to subscribe to our newsletter to receive the latest bitcoin, cryptocurrency, and technology news.