Recent News - ESET Researchers Uncover New Android Banking Botnet With Victims in Almost 50 Countries


2017-02-23

In their investigation of the botnet-forming Android banking malware that they discovered on Google Play, ESET researchers discovered that both the Android Trojans and the C&C server were built using source code that was made public in December, 2016.

Android users were exposed to malware disguised as weather forecasting apps, capable of stealing banking credentials and locking the screens of infected devices’. Two versions of the botnet-forming Trojan made it onto Google Play. Each had a lifetime of several days and together achieved thousands of downloads before being detected by ESET and taken down by the Google security team in mid February.

A thorough investigation by ESET analysts revealed that these banking Trojans are modified versions of a source code made available online. Allegedly written from scratch, the “template” code of the binary, along with the code of the command and control server, which includes a web control panel, have been available on Russian forums since late December 2016. 

“On top of the source code being available to virtually anyone, the C&C server itself has also been left accessible to whomever has the URL, without requiring any credentials,” says ESET Malware reseracher Lukáš Štefanko. 

Analysis of the C&C server, which has been active since February 2, 2017, has revealed a list of victims. By February 23, when the C&C server was taken down by the hosting company based on ESET’s notice, the botnet contained 2,810 victims from 48 countries.

The fact that the source code of another example of Android banking malware has been made available online may lead to its proliferation, according to ESET security experts. “With tools for creating Android banking malware now accessible more easily and for free, Android users should take even more care about prevention,” recommends Lukáš Štefanko.

Detailed analysis of this malware along with advice on prevention and cleaning can be found on ESET’s blog, WeLiveSecurity.com.

Anyone interested in mobile security is also welcome to stop by ESET’s stand at this year’s Mobile World Congress.
 

 

About ESET
ESET®, the pioneer of proactive protection and the maker of the award-winning ESET NOD32® technology, is a global provider of security solutions for businesses and consumers. For over 26 years, the Company continues to lead the industry in proactive threat detection. By obtaining the 80th VB100 award in June 2013, ESET NOD32 technology holds the record number of Virus Bulletin "VB100” Awards, and has never missed a single “In-the-Wild” worm or virus since the inception of testing in 1998. In addition, ESET NOD32 technology holds the longest consecutive string of the VB100 awards of any AV vendor. ESET has also received a number of accolades from AV-Comparatives, AV-TEST and other testing organisations and reviews. ESET NOD32® Antivirus, ESET Smart Security®, ESET Cyber Security® (solution for Mac), ESET® Mobile Security and IT Security for Business are trusted by millions of global users and are among the most recommended security solutions in the world.

ESET recently updated its two-factor authentication (2FA) application, adding a secure validation to weak and static user passwords. This updated version of ESET’s 2FA application provides flexibility and deeper integration of 2FA into bespoke applications, making it the best cost-effective solutions for SMBs everywhere.

The Company has global headquarters in Bratislava (Slovakia), with regional distribution centers in San Diego (U.S.), Buenos Aires (Argentina), and Singapore; with offices in Jena (Germany), Prague (Czech Republic) and Sao Paulo (Brazil). ESET has malware research centers in Bratislava, San Diego, Buenos Aires, Singapore, Prague, Košice (Slovakia), Krakow (Poland), Montreal (Canada), Moscow (Russia) and an extensive partner network for more than 180 countries. For more information visit http://eset.version-2.sg/ or follow us on Facebook.

 

About Version 2 Limited
Version 2 Limited is one of the most dynamic IT companies in Asia. Headquartered in Hong Kong, the Company develops and distributes IT products for Internet and IP-based networks, including communication systems, Internet software, security, network, and media products. Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 Limited offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which includes Global 1000 enterprises, regional listed companies, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

For more information, please visit www.version-2.com.sg or call (65) 6296-4268.

Previous News Next News

Return to the previous page