One of the things that I’ve always been leery about when it comes to Android is the prevalence of malware on that platform. As in, you can trip over it without trying too hard and get yourself in trouble in the process. Here’s a case in point. The Hacker News is reporting that an app that advertised itself as a funny video player was on the Google Play Store. Here’s what it could do to you if you installed it:
Once downloaded, the app persistently requests administrative rights, and if granted, the banking malware can control everything that’s happening on an infected smartphone.
The BankBot springs into action when the victim opens any of the mobile apps from a pre-configured list of 425 banking apps. A complete list of banks a BankBot variant is currently imitating can be found on the blog post published by the researcher.
Once one of the listed apps is opened, BankBot immediately displays an overlay, which is a page on the top of legitimate mobile banking app and tricks Android users entering their banking credentials into the overlay, just like a phishing attack.
This was found by a researcher who contacted Google, who in turn yanked the app. But that’s not to say that there’s other variants floating around out there. But here’s the key point: This was found on the Google Play Store and not some shadowy third party app store. You have to wonder how that happened and if Google really tries to mitigate this stuff from showing up on the Play Store. From where I stand I have to question that because this is not a trivial Trojan seeing as it is clear that a significant amount of effort went into creating it and getting it to be able to do its evil work transparently.