New Malware threats targeting Android appear regularly. The most worrying fact is that most of them manage to find their way into the Google Play Store, long before they are exposed by security experts. Google struggles to fight Malware attacks in several ways, but it is still unsuccessful. Most prominent example of this situation, is the comeback of a Malware known as the ‘BankBot Trojan’.
BankBot Trojan first appeared in the beginning of 2017 and Google has already removed four versions of it from the Play Store. A new version has appeared on the Play Store recently and reports show that it managed to infect thousands of devices before being identified.
This Malware typically comes bundled in Apps posing as Flashlight Apps in the Play Store. Upon opened, it checks if a banking App is installed on the victim’s device. Notably, its search list includes more than a hundred different banking Apps. If a banking App is installed, it downloads and installs a separate APK file. It then asks for root permissions, pretending to be a Play Store or System update. After gaining root access, it creates fake phishing overlays asking for user credentials for accessing the user’s banking account. But it does not stop there: It also mimics Facebook, Uber, Youtube and other widely-used Apps, to steal login information.
Previous versions of BankBot Trojan utilized the Accessibility Service to simulate clicks and enable installation from Unknown Sources. Accessibility Services were recently blocked by Google for most Apps due to security reasons. Latest version of BankBot Trojan does not make use of this feature and asks the user to manually enable it.
Don’t miss: microG Lets You Use Android without Google
How to Get Protected from BankBot Trojan
Google has already responded to the new Malware threat by removing all the Apps associated with it from the Play Store. Google Play Protect has also been updated. So, if you have any App associated with this Malware threat, you will receive a security notification by Google Play. Just make sure you connect your device to the network and perform any updates available, especially updates concerning Google Apps and Services.
There are also some general measures that you can take in order to get protected not only from BankBot Trojan, but also from any other Malware:
- Turn off Unknown Sources under Device Settings. This will actually disable installing any Apps outside the Play Store. Never enable this setting for Apps that you cannot trust.
- Remove root access from your device, unless absolutely required. If you need to have root support, make sure you make wise use of it. Root privileges on Android and other Linux-based systems actually allow an App to do anything it wants.
- If you are downloading Apps from the Play Store, make sure that you read user reviews before installing. Apps that hold a low score on the Play Store are usually not to be trusted.
- Last measure might be too strict, but it is actually the most effective. Considering that Malware Apps can even come through Google’s own App marketplace, nobody can really ensure an App is safe. Generally, the only way to know an App does not contain malicious code, is to have access to its code sources. Going with Open Source Apps only (for example by installing F-Droid), is the only way you can rest assured that your device is Malware-free. Nowadays, there is an Open Source alternative for almost every Android App.
If you would like to read more about Malware threats on Android and ways to get protected, you can read this dedicated article on DroidViews.