Get ready for a rash of banking malware as source code is released online.
The source code of an Android banking trojan was released online along with instructions for using it. The malware itself is not new, but the fact that it is now freely available to anyone increases the danger to users everywhere.
The malware, detected by Dr. Web as Android.BankBot.149.origin, works much the same as most banking malware. Once the user has downloaded and installed the app, it asks to be granted device administrator privileges. Once this is achieved, the malware removes its icon from the launcher so that the user believes it is gone, while it keeps running in the background.
Hidden on the phone, the malware contacts a command and control server and awaits instructions. It can send and intercept SMS messages, steal contacts, make phone calls, track the device and exfiltrate other sensitive information. One of the ways it steals credentials is by watching for the user to open social media apps, banking apps or even the Google Play Store. When the user does, it draws a phishing window over the real app that looks like that app's official sign-in screen, records what is typed, and sends it back to the attackers' servers.
The security research firm Dr. Web states that it has already discovered a new malware variant built on the released source code.
Once again, the standard user advice applies to this malware. Only install apps from sources you trust: this malware can be disguised as any kind of app, or injected into a legitimate one, and it may turn up in third-party app stores or behind download links sent to you by email, SMS or advertising. Also look at the permissions an app asks for when installing, and be wary of granting permissions that do not seem necessary for what the app does; a flashlight or game has no business asking for SMS access or device administrator rights.
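The behaviour described above (device administrator request, SMS access, overlay windows drawn over other apps) and the permissions advice in the previous paragraph can be turned into a concrete triage check. The script below is an added example, not code from the article, from Dr. Web or from the leaked malware. It reads a decoded AndroidManifest.xml (for instance the one `apktool d app.apk` produces) and flags the capability mix a banker needs; the two sample manifests, the package names and the "likely banker" threshold are all constructed for illustration.

```python
"""Heuristic manifest triage for the banker capability mix described above.

Added example: not code from the article, Dr. Web or the leaked malware.
Expects a decoded AndroidManifest.xml; sample manifests are constructed.
"""
import xml.etree.ElementTree as ET

# Once parsed, android:name etc. become namespaced attributes.
A = "{http://schemas.android.com/apk/res/android}"

# Permissions that back each behaviour the article describes.
CAPABILITIES = {
    "intercept/read SMS": {"android.permission.RECEIVE_SMS",
                           "android.permission.READ_SMS"},
    "send SMS": {"android.permission.SEND_SMS"},
    "read contacts": {"android.permission.READ_CONTACTS"},
    "place calls": {"android.permission.CALL_PHONE"},
    "track location": {"android.permission.ACCESS_FINE_LOCATION",
                       "android.permission.ACCESS_COARSE_LOCATION"},
    # A fake sign-in window drawn over a real app needs an overlay permission.
    "draw overlay windows": {"android.permission.SYSTEM_ALERT_WINDOW"},
    # Knowing which app is in the foreground is how it picks when to overlay.
    "watch foreground app": {"android.permission.GET_TASKS",
                             "android.permission.PACKAGE_USAGE_STATS"},
}


def requested_permissions(root):
    return {el.get(A + "name") for el in root.iter("uses-permission")} - {None}


def requests_device_admin(root):
    """True if any receiver is wired up as a device administrator."""
    for recv in root.iter("receiver"):
        if recv.get(A + "permission") == "android.permission.BIND_DEVICE_ADMIN":
            return True
        if any(a.get(A + "name") == "android.app.action.DEVICE_ADMIN_ENABLED"
               for a in recv.iter("action")):
            return True
    return False


def verdict(findings):
    sms = any(f in findings for f in ("intercept/read SMS", "send SMS"))
    admin = "requests device administrator" in findings
    overlay = "draw overlay windows" in findings
    if admin and overlay and sms:
        return "likely banker"  # threshold is an assumption of this example
    return "review" if findings else "no banker indicators"


def triage(manifest_xml):
    root = ET.fromstring(manifest_xml)
    perms = requested_permissions(root)
    findings = [label for label, needed in CAPABILITIES.items() if perms & needed]
    if requests_device_admin(root):
        findings.append("requests device administrator")
    # Icon hiding happens at runtime (the launcher activity is disabled after
    # install), so the manifest alone cannot reveal it.
    return {"package": root.get("package"), "findings": findings,
            "verdict": verdict(findings)}


# Constructed sample: a "flashlight" that asks for everything a banker needs.
SAMPLE_BANKER_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.flashlight">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.CALL_PHONE"/>
  <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
  <uses-permission android:name="android.permission.SYSTEM_ALERT_WINDOW"/>
  <uses-permission android:name="android.permission.GET_TASKS"/>
  <application android:label="Flashlight">
    <activity android:name=".MainActivity">
      <intent-filter>
        <action android:name="android.intent.action.MAIN"/>
        <category android:name="android.intent.category.LAUNCHER"/>
      </intent-filter>
    </activity>
    <receiver android:name=".AdminReceiver" android:permission="android.permission.BIND_DEVICE_ADMIN">
      <intent-filter>
        <action android:name="android.app.action.DEVICE_ADMIN_ENABLED"/>
      </intent-filter>
    </receiver>
  </application>
</manifest>"""

# Constructed sample: a notes app that only needs network access.
SAMPLE_BENIGN_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.notes">
  <uses-permission android:name="android.permission.INTERNET"/>
  <application android:label="Notes"/>
</manifest>"""

if __name__ == "__main__":
    for m in (SAMPLE_BANKER_MANIFEST, SAMPLE_BENIGN_MANIFEST):
        print(triage(m))
```

The check is deliberately a heuristic: a legitimate SMS client or a mobile device management agent will also trip individual rules, which is why the verdict only escalates on the combination of device administrator plus overlay plus SMS access, and why the icon-hiding trick has to be looked for at runtime rather than in the manifest.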
Again, this form of malware is nothing more than an app: the user has to download it, install it and grant it the access it asks for before the attack can work.