Since this year’s high profile Equifax breach and numerous smartphone app malware incidents, users and software providers alike have been on high alert for potential security holes. The Google Play Store has been especially sensitive to the issue after numerous incidents, even going so far as to offer a $1,000 reward to security experts who successfully hack the apps or platform so that exploits can be fixed. However, it seems Android users still need to download with caution, as the Play Store is not only still plagued by malware, but is actually struggling with the same malware from earlier this year.
BankBot, while posing as a benign app, specifically targets a user’s banking credentials, credit card details, and other sensitive financial information. The harmful trojan uses a technique known as overlay, wherein it masquerades as a legitimate banking app by creating a new window that for all appearances looks correct, but is positioned over the top of the actual app when users attempt to run it. Unaware users then enter their login info into this fake screen, giving hackers access to their usernames and passwords.
The first BankBot incident took place earlier this year, with a second round of infections following soon after. This week, Android users were once again tricked into downloading the harmful malware, which this time masked itself as an app purporting to compare and track cryptocurrency. Its developers, who still remain unknown, are clearly updating the malicious piece of software regularly, this time going so far as to include a legitimate program. While earlier versions of BankBot merely created a fake window mimicking a legitimate app, the malware’s cryptocurrency tracking component did function as as advertised, albeit while secretly stealing the user’s sensitive information.
To the Google Play Store’s credit, they did react quickly enough to prevent the app from spreading, with it only being downloaded a few thousand times. Past incidents with similar malware have affected close to a million users, though again this is a small portion of Android’s 1.4 billion large user base. That said, to be facing the same piece of malware for the third time this year is clearly an embarrassing situation for the company, especially after this month’s WhatsApp incident which affected well over a million users. For the time being, Android users should take the same precautions they would with their PCs, making using of antivirus and avoiding suspicious third-party applications.