BankBot Trojan is Back!

chad@rainnetworks.com

A dangerous trojan is back on the Google Play market again, infamously dubbed the "BankBot Trojan". This Android based trojan infects users phones when they download the Jewels Star Classic game by GameDevTony. 20 minutes after the game is launched, the user gets a prompt to enable "Google service". Once the user clicks "OK", which is the only way to exit the prompt, they are taken to the Accessibility screen which now has a new option that has been added by the trojan called "Google Service".

Once the user goes through the full process of enabling "Google Service" the malware executes a handful of steps, which it was given permission to do by the user, to reach its eventual end goal of stealing the user's credit card info from the Google Play app. 

If you'd like to read more about how this malware operates, check out the full article on ESET's WeLiveSecurity blog! This is where we got the information to write this blog, and is a great source for IoT and security news.