Emsisoft | Cybersecurity Blog

Mobile malware targets Android users


Your mobile phone is a journal containing the deepest secrets of your digital life. Who is reading yours?

Your mobile device follows you everywhere. It can tell you where you need to go, when and how. It knows who you contact frequently, maybe even who you love the most. Your personal photos are always at hand, your favourite music too. When you flick through your phone you have access to the most intimate parts of your life in both the real and digital world.

So when you get up from lunch to see that your phone is no longer at its usual place on the table, alarm bells ring. ‘Did I lock my phone? Who has access to my accounts?’

The answer? Everyone.

However, this can be just as true when your phone is still in your hand. All it takes is one wrong step and your internet banking data is being sold on the dark web.

This is the world we now live in. Unlike a hardcover journal, our phones can be infected just like PCs, quietly handing everything they contain to whoever controls the malware.

BankBot fakes your login page so you hand over login details willingly

Banking trojans are nothing new, yet the latest incarnations targeting Android devices are engineered to steal money from your bank account by tricking you into granting them device administrator privileges, which let them lock the screen and resist removal. They are typically bundled with third-party apps downloaded from outside the Google Play Store, although copies have slipped past Google Play's checks as well.

Dubbed BankBot, these latest variants of Android malware are able to send and intercept SMS messages, make calls from your phone, track the device's location, access your contacts (including those of your loved ones) and, just to seal the deal, steal sensitive information such as banking credentials and credit card details.

The sophistication of modern malware is what makes it so troubling. BankBot hides on your phone and watches which app is in the foreground; the moment you open one of the banking or social media apps on its target list, it draws a phishing overlay on top of it, a fake login page that looks like the real one, tricking you into re-authenticating or re-entering your payment card details. What you type is sent to the attackers' command-and-control server, where anyone with access to it can use your data.

It’s not only about your banking apps

BankBot phishes credentials for social media apps too, including Facebook, WhatsApp, Instagram and Twitter. With complete access they are able to spread the malware further through messages from your account.

Imagine your dear Aunt Betty finally signed up for Facebook and installed it on her smartphone at your insistence AND with your help. Of course, when she sees she has a message from you she opens it eagerly, not realising that what your message contains will eat away at her life savings until there is nothing left.

Worst of all, once the hackers have made transactions on Aunt Betty's behalf, the bank's text message notifications, and any one-time codes it sent to approve the transfers, have been intercepted and deleted before she could ever see them, so she has no idea it is happening.

You’re having a pretty bad day, right? You’ve handed hackers all of your private information and given them a route to all of your friends and loved ones. ALL of this while your phone is still in your hand.

But you’re in a hurry. You’ve taken too long at lunch and are running late for a meeting. Of course, you’ll want to clean your phone as quickly as possible. You’ve seen an ad recently for a mobile security app but can’t find it in the Google Play Store, so you download the APK directly from the website in your browser. You quickly dismiss the warning about installing from unknown sources, tap through the terms and conditions and the permission prompts, and within seconds your screen is replaced by a ransom demand.

Now not only are you late, but TWO hacker groups have access to your data AND you’re locked out of your phone until you agree to pay a ransom.

Now what do you do?

Your phone is locked, so you’ll need to boot it into safe mode. If you are unsure how to do this, check the support pages of the company that made your particular phone. In safe mode only system apps are started as the device boots, so the ransomware cannot draw its lock screen and you can go through and uninstall recently added apps through the ‘Uninstall’ function in your settings. If an app refuses to uninstall, it has almost certainly taken the device administrator rights it asked for on install: revoke them first under the device administrators section of your security settings, then uninstall it.

It is also possible that the ‘ransomware’ is nothing more than a web page in the browser you downloaded from, designed to look like a locked phone. In that case, force-stop the browser from your settings and clear its data so the page does not reload; nothing needs uninstalling.
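The traits described above (login overlays, SMS interception, device administrator rights and sideloading) are exactly what you would look for when deciding which apps to remove in safe mode. The script below is an added example, not Emsisoft's or any BankBot sample's code, and not part of the original article. It assumes you can pull two dumps from the phone over adb, in the shape of `adb shell dumpsys package` (the `Package [...]`, `installerPackageName=` and `requested permissions:` lines) and of the admin list in `adb shell dumpsys device_policy` (`pkg/class:` lines); the two dumps and all package names in it are constructed for illustration. It flags packages that combine those traits and prints the removal steps, including the manual device-admin revocation that `pm uninstall` needs first.

```python
"""Triage an Android package dump for BankBot-style traits and list removal steps.
Added example; the dumps below are constructed and the package names are made up."""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set

OVERLAY = "android.permission.SYSTEM_ALERT_WINDOW"   # draw fake login pages over other apps
SMS_PERMS = {"android.permission.RECEIVE_SMS",       # read/delete bank SMS and one-time codes
             "android.permission.READ_SMS",
             "android.permission.SEND_SMS"}
PLAY_STORE = "com.android.vending"                   # installer name Google Play records

PKG_HDR = re.compile(r"^\s*Package \[([\w.]+)\]")
INSTALLER = re.compile(r"^\s*installerPackageName=(\S+)")
PERM_LINE = re.compile(r"^\s+([\w.]+)$")
ADMIN_LINE = re.compile(r"^\s+([\w.]+)/([\w.$]+):$")  # assumed shape of a device_policy admin line


@dataclass
class Pkg:
    name: str
    installer: Optional[str] = None
    perms: Set[str] = field(default_factory=set)


def parse_packages(dump: str) -> Dict[str, Pkg]:
    """Collect the installer and requested permissions of every package in the dump."""
    pkgs, cur, in_perms = {}, None, False
    for line in dump.splitlines():
        m = PKG_HDR.match(line)
        if m:
            cur, in_perms = pkgs.setdefault(m.group(1), Pkg(m.group(1))), False
            continue
        if cur is None:
            continue
        m = INSTALLER.match(line)
        if m:
            cur.installer = None if m.group(1) == "null" else m.group(1)
            continue
        if line.strip() == "requested permissions:":
            in_perms = True
            continue
        m = PERM_LINE.match(line) if in_perms else None
        if m:
            cur.perms.add(m.group(1))
        else:
            in_perms = False  # any non-permission line closes the list
    return pkgs


def parse_admins(dump: str) -> Dict[str, str]:
    """Map package name -> active device-admin component (pkg/class)."""
    return {m.group(1): f"{m.group(1)}/{m.group(2)}"
            for m in (ADMIN_LINE.match(l) for l in dump.splitlines()) if m}


def indicators(pkg: Pkg, admins: Dict[str, str]) -> List[str]:
    found = []
    if OVERLAY in pkg.perms:
        found.append("overlay")
    if pkg.perms & SMS_PERMS:
        found.append("sms")
    if pkg.name in admins:
        found.append("device-admin")
    if pkg.installer != PLAY_STORE:
        found.append("sideloaded")
    return found


def triage(pkg_dump: str, admin_dump: str) -> Dict[str, List[str]]:
    """Flag sideloaded apps holding overlay, SMS or admin rights, and any app
    that combines overlay drawing with SMS access regardless of installer."""
    admins, out = parse_admins(admin_dump), {}
    for p in parse_packages(pkg_dump).values():
        ind = indicators(p, admins)
        abusive = {"overlay", "sms", "device-admin"} & set(ind)
        if ("sideloaded" in ind and abusive) or {"overlay", "sms"} <= set(ind):
            out[p.name] = ind
    return out


def removal_steps(pkg_dump: str, admin_dump: str) -> List[str]:
    """Removal checklist: `pm uninstall` fails with DELETE_FAILED_DEVICE_POLICY_MANAGER
    while the admin is active, and `dpm remove-active-admin` only works for testOnly
    apps, so the admin must be deactivated by hand first (menu path varies by version)."""
    admins, steps = parse_admins(admin_dump), []
    for name, ind in triage(pkg_dump, admin_dump).items():
        if "device-admin" in ind:
            steps.append(f"Settings > Security > Device administrators: deactivate {admins[name]}")
        steps.append(f"adb shell pm uninstall --user 0 {name}")
    return steps


# Constructed sample dumps (not real device output).
SAMPLE_PACKAGES = """\
Packages:
  Package [com.bank.mobile] (3f1a2b):
    userId=10103
    installerPackageName=com.android.vending
    requested permissions:
      android.permission.INTERNET
      android.permission.USE_FINGERPRINT
    install permissions:
      android.permission.INTERNET: granted=true
  Package [com.flashplayer.update] (9c0d4e):
    userId=10142
    installerPackageName=null
    requested permissions:
      android.permission.INTERNET
      android.permission.SYSTEM_ALERT_WINDOW
      android.permission.RECEIVE_SMS
      android.permission.READ_SMS
      android.permission.READ_CONTACTS
  Package [com.example.notes] (71aa55):
    installerPackageName=null
    requested permissions:
      android.permission.INTERNET
"""
SAMPLE_ADMINS = """\
Current Device Policy Manager state:
  Enabled Device Admins (User 0):
    com.flashplayer.update/.AdminReceiver:
      uid=10142
"""

if __name__ == "__main__":
    for pkg, ind in triage(SAMPLE_PACKAGES, SAMPLE_ADMINS).items():
        print(pkg, ind)
    print("\n".join(removal_steps(SAMPLE_PACKAGES, SAMPLE_ADMINS)))
```

On the sample, only `com.flashplayer.update` is flagged: the bank's own app has the Play Store as installer and no abusive permissions, and the sideloaded notes app asks for nothing it could abuse. The heuristic is deliberately loose (a legitimate messaging app may hold both overlay and SMS rights), so treat the output as a shortlist to review, not a verdict.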

So by now, you’re likely asking how this could have all been prevented in the first place.

Be the sole keeper of your story: protect your digital life

Emsisoft Mobile Security has a 100% malware detection rate
