BankBot, once thought to be wiped out, returns to Google Play Store
There is another example of malware being a constant problem for Android users: BankBot, a banking Trojan designed to help crooks steal people’s money, is still lurking in various Google Play Store apps despite Google’s attempts to get rid of it.
The malware’s newest version hides in seemingly benign software (like free flashlight apps or solitaire games), avoids detection by Android’s security, downloads the effective payload from an external source hours after gaining administrator rights and allows for the theft of the victim’s banking credentials.
BankBot has already been through several iterations, having been removed by Google in September but “several versions remained active until November 17,” according to researchers from the security firm Avast.
“This was long enough for the apps to infect thousands of users.”
“The cyber criminals have been targeting customers of big banks like Wells Fargo, Chase and about 160 other banking apps in the U.S., Latin America, Europe and the Asia Pacific region,” Avast’s head of mobile security Nikolaos Chrysaidos said.
Malware like BankBot has been an ongoing dilemma for Android. that’s riddled headlines this year: In addition to BankBot, spyware in the Google Play store was downloaded over one million times in three years. Another malicious campaign saw over one million users fooled by a fake WhatsApp offering.
Despite the issues Google’s security team emphasizes that the situation is improving. Earlier this year, Google’s Play Protect was touted by Google as “the ideal security blanket” for Android.The company believes the suite of tools hit an “inflection point,” with the majority of malware detections spotted by machine learning, according to Adrian Ludwig, the director of Android security.
“Since the beginning of the year, the number of devices affected by user-installed malware across the ecosystem went from about 0.63 percent, which is well under one percent where it was tracking steadily for years, to about 0.25 percent,” Ludwig told CyberScoop. That’s almost a 60 percent reduction. “So we basically cut that in half.”
On the world’s biggest mobile operating system, however, even those seemingly small percentiles can add up to huge numbers. Furthermore, the Play Protect system finished dead last in recent tests of mobile security software, according to the German antivirus testing lab AV-Test.
“Well over 99 percent of devices are clean,” Ludwig said. “One big Googlism is to set goals that we know we can’t reach. Our goal is to hit less than 1 in a million.”