Contributed By Samir Mody, VP, Threat Research at K7 Computing
K7 Threat Control Lab has provided a threat advisory on the recently reported ‘Android Banking Trojan’, which incidentally is not as recent as it is presumed to be. A storm in a teacup indeed.
The ‘Android Banking Trojan’, also referred to as Bankbots, targets banking applications and is nothing new. It has been seen in the mobile malware world for quite some time now.
K7 Threat Control Lab has also emphasized that none of the banking apps that have been named is compromised, nor are they at some super high risk. However, it is strongly advised that users ensure that robust and up-to-date security software is installed on their phone before they use any banking app.
Analysis of this banking Trojan reveals that it still relies on the usual social engineering technique of masquerading as a Flash Player app to trick the user into downloading and installing it. As expected, this malware is only available in third-party markets of low reputation.
Further analysis reveals that the ‘Android Banking Trojan’ originated in Russia, and seeks out not only Indian banking applications but also banking apps from other parts of the world, based on their geo-location.
Users must always be aware that apps like PDF readers, Flash Players or any document-related apps would never require device administrator privileges, nor would they usually request permissions to ‘SEND OR WRITE OR RECEIVE SMS’, since these are not required for their functionality. In contrast, this Android Banking Trojan requests such out-of-context permissions from the user, which should be considered very suspicious.
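The permission check described above can be automated when triaging an app. The following is an added example, not K7's code or part of the original advisory. It assumes the manifest has already been decoded to plain XML (for instance with apktool), and both sample manifests and their package names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"
# The SMS permissions the advisory calls out as out of context for a viewer app.
SMS_PERMISSIONS = {
    "android.permission.SEND_SMS",
    "android.permission.WRITE_SMS",
    "android.permission.RECEIVE_SMS",
}
DEVICE_ADMIN = "android.permission.BIND_DEVICE_ADMIN"

def audit_manifest(manifest_xml):
    """Return findings for SMS permissions and device-admin receivers."""
    root = ET.fromstring(manifest_xml)
    requested = {e.get(ANDROID + "name") for e in root.iter("uses-permission")}
    findings = ["sms-permission:" + p for p in sorted(requested & SMS_PERMISSIONS)]
    for receiver in root.iter("receiver"):
        # A device-admin component is a receiver guarded by BIND_DEVICE_ADMIN.
        if receiver.get(ANDROID + "permission") == DEVICE_ADMIN:
            findings.append("device-admin-receiver:" + receiver.get(ANDROID + "name", "?"))
    return findings

# Constructed sample: an app labelled as a Flash Player (hypothetical package).
SAMPLE_FAKE_PLAYER = """<manifest
    xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.flashplayer">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <application android:label="Flash Player">
    <receiver android:name=".AdminReceiver"
              android:permission="android.permission.BIND_DEVICE_ADMIN"/>
  </application>
</manifest>"""

# Constructed sample: a viewer app that only needs network access.
SAMPLE_PLAIN_VIEWER = """<manifest
    xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.viewer">
  <uses-permission android:name="android.permission.INTERNET"/>
  <application android:label="Viewer"/>
</manifest>"""

if __name__ == "__main__":
    for label, text in (("fake player", SAMPLE_FAKE_PLAYER), ("viewer", SAMPLE_PLAIN_VIEWER)):
        print(label, audit_manifest(text) or "no out-of-context requests")
```

A non-empty result is a reason to look closer at an app that claims to be a media player or document viewer, not proof of malice on its own.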
Precautionary measures
K7 Computing recommends:
- Installing a top-rated mobile security product such as K7 Mobile Security to block all kinds of infections
- Regularly updating the mobile OS and security application installed to stay clear of mobile malware
- Carefully analyzing the messages or alerts which are received before installing any app
- Never installing apps recommended by strangers
- Always preferring to download an app ONLY from the official Google Play store
- Never enabling ‘Download from Unknown Sources’
- Refraining from downloading applications that you do not need
- Always verifying the reputation of the application by checking the reviews available before downloading it
- Avoiding using free Wi-Fi hotspots, in particular, those that are not password protected
In addition, K7 Threat Control Lab has also reported that the Android Banking Trojan was blocked as soon as it was first spotted. The desired feature is already incorporated into the K7 Mobile Security product. K7 Mobile Security users are protected against this banking Trojan and its variants with the detection name Trojan (0051c57a).