A new version of BankBot hidden inside flashlight and Solitaire apps has affected thousands of Chase, Citi, and Wells Fargo users across the world.
The Avast team has been working with ESET and SfyLabs to examine a new version of BankBot. According to their report, the mobile banking malware could have affected thousands of Citi, Chase, DiBa, and Wells Fargo users in countries like the US, Australia, Germany, the Netherlands, France, Poland, Spain, Portugal, Turkey, Greece, Russia, the Dominican Republic, Singapore, and the Philippines. While the apps carrying it have since been removed from the Play Store, several versions remained active until as recently as November 17, meaning the malware had plenty of opportunities to sneak into people’s phones and steal their sensitive banking information.
As Avast points out, the new version of BankBot is designed to be undetectable by Google’s automated algorithm in the Play Store. Hackers embed it into apps like “Lamp for Darkness,” “Sea FlashLight,” “XDC Cleaner,” “Classic Solitaire,” and “Spider Solitaire,” and the virus is activated as soon as these apps are downloaded. The malware can superimpose a fake user interface onto your banking app and collect your user ID and password as they are typed. Alternatively, in some countries, it intercepts transaction authentication numbers to conduct illegal online transfers.
Fortunately, the aforementioned apps have been removed from the Play Store, but as you may have guessed, hackers are likely to return with a similar or, worse yet, a more sophisticated version of the malware. So what can you do to protect yourself? Avast suggests a few ways:
- Confirm that the app you are using is a verified banking app. If the interface looks unfamiliar or odd, double-check with the bank’s customer service team.
- Use two-factor authentication if your bank offers it as an option.
- Only rely on trusted app stores. If you deactivate the option to download apps from other sources, you will be safe from this type of banking Trojan activating on your phone.
- Before downloading a new app, check its user ratings. If other users are complaining about a bad user experience, it might be an app to avoid.
- Pay attention to the permissions an app requests. If a flashlight app requests access to your contacts, photos and media files, treat this as a red flag.
- Often, malware will ask to become device administrator to get control over your device. Don’t give this permission to an app unless you know this really is necessary for an app to work.
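The last two checks can also be run by an analyst against an app's manifest. The sketch below is an added example, not code from Avast or the original article: it assumes the APK's `AndroidManifest.xml` has already been decoded to text XML, and both the permission list and the sample manifest are constructed for illustration (treating SMS as the channel for transaction authentication numbers is an assumption).

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"

# Permissions a flashlight or card game has no obvious need for.
# This mapping is an assumption made for the example, not a list from the report.
UNEXPECTED = {
    "android.permission.READ_CONTACTS": "contacts",
    "android.permission.READ_EXTERNAL_STORAGE": "photos and media files",
    "android.permission.WRITE_EXTERNAL_STORAGE": "photos and media files",
    "android.permission.RECEIVE_SMS": "incoming SMS (assumed TAN channel)",
    "android.permission.READ_SMS": "stored SMS (assumed TAN channel)",
}
DEVICE_ADMIN = "android.permission.BIND_DEVICE_ADMIN"


def audit_manifest(xml_text):
    """Return a sorted list of (kind, detail) findings for a decoded manifest."""
    root = ET.fromstring(xml_text)
    findings = []
    # Red flag 1: permissions that do not match a simple utility app.
    for elem in root.iter("uses-permission"):
        name = elem.get(ANDROID + "name", "")
        if name in UNEXPECTED:
            findings.append(("permission", f"{name}: access to {UNEXPECTED[name]}"))
    # Red flag 2: a receiver guarded by BIND_DEVICE_ADMIN means the app
    # can ask the user to make it a device administrator.
    for recv in root.iter("receiver"):
        if recv.get(ANDROID + "permission") == DEVICE_ADMIN:
            findings.append(("device-admin", recv.get(ANDROID + "name", "?")))
    return sorted(findings)


# Constructed sample: a hypothetical flashlight app, not a real package.
SAMPLE = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.flashlight">
  <uses-permission android:name="android.permission.CAMERA"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <application>
    <receiver android:name=".AdminReceiver"
              android:permission="android.permission.BIND_DEVICE_ADMIN"/>
  </application>
</manifest>"""

if __name__ == "__main__":
    for kind, detail in audit_manifest(SAMPLE):
        print(f"[{kind}] {detail}")
```

The camera permission is not flagged because a flashlight app plausibly needs it to drive the LED; a finding here is a prompt for a closer look, not proof that the app is malicious.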