In late 2016, Russian hacker boards started commenting about a new hack for Android phones. Later named BankBot, its purpose is to capture banking credentials and divert funds, using fake command-and-control (C&C) servers that are taken down just days after an attack has begun. The malware is built into apps that can be downloaded from third-party sites and from the Google Play Store. Much like a WiFi Pineapple device, it mimics the login pages of mobile banking apps and tricks the user into entering their banking credentials into the malicious app instead.
The BankBot code is not very elegant, and there are obvious flags in the app that should make it easy to detect; despite this, the infected app frequently goes undetected.
The attacks have been somewhat localized, with targets among Turkish and other European banks. It is important to know that it would not be difficult to modify the malware to start targeting US banks. To protect yourself, CloudNexus recommends the following:
- Know who made the app. Make sure the publisher of the app is the bank itself, not a third party.
- BankBot starts by asking for a lot of permissions that other apps typically do not ask for. Once these are granted, it can hide its icon while staying on your device. Look for any app that is requesting an inordinate amount of access rights to your device. If it does, delete it as soon as possible.
- Get a good anti-virus/anti-malware program for Android. You can check the vendor's website to see whether it protects against BankBot.