The Bankbot malware first appeared in the Google Play Store earlier this year, stealing victims' banking information by presenting an overlay which looked identical to a bank's app login page. These were removed in April, but Bankbot was once again discovered in the Play Store in early September.
What is Bankbot malware?
Bankbot is a banking Trojan that poses as an apparently harmless application, such as WhatsApp or Runtastic.
When is it compromised?
When the application is installed and run, and we grant it administrative privileges, the icon disappears from the home screen. From that moment the device is compromised.
How credentials get stolen
When the user launches the target app, an overlay window appears on top of it. The overlay window is created to look exactly like the target app, so users usually believe they are interacting with the mobile banking app.
Here the malware creates a window that mimics the look-and-feel of the targeted mobile banking app, and that aims to trick users into entering their credentials.
BankBot subsequently tries to steal your banking credentials (e.g. username and password) and credit card information using a technique called "overlay".
Methods to protect from Bankbot:
1. Run-time Application Self-Protection (RASP)
2. Two-factor authentication
Run-time Application Self-Protection (RASP) technology
RASP, which is a term coined by Gartner, protects mobile apps against application-level intrusions, such as overlay attacks. RASP solutions interfere with the banking Trojan’s process to create and display overlays.
Two-factor authentication technology
Apps protected in this way use two different authentication elements: something the user knows (e.g. the PIN), but also something the user has (a cryptographic key stored on the mobile device, which is used to generate one-time passwords). While overlay attacks can be used to target the knowledge factor, they cannot attack the possession factor to steal the cryptographic key.
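The two factors described above, as an added example that is not part of the original article: an RFC 4226 HOTP generator and a server-side check that requires both the PIN and a fresh one-time password. `BankServer`, `demo`, the PIN and the key are assumptions made for illustration (the key is the RFC 4226 test key).

```python
import hashlib
import hmac
import struct

def hotp(key: bytes, counter: int, digits: int = 6) -> str:
    """One-time password per RFC 4226: HMAC-SHA1 over the counter, truncated."""
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                      # dynamic truncation offset
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

class BankServer:
    """Hypothetical verifier: requires the PIN (knowledge) and an OTP (possession)."""

    def __init__(self, pin: str, device_key: bytes):
        # Plain SHA-256 keeps the example short; real systems use a slow, salted KDF.
        self._pin_hash = hashlib.sha256(pin.encode()).digest()
        self._key = device_key                   # shared with the enrolled device only
        self._counter = 0                        # next counter value not yet used

    def login(self, pin: str, otp: str, window: int = 3) -> bool:
        pin_ok = hmac.compare_digest(hashlib.sha256(pin.encode()).digest(), self._pin_hash)
        for c in range(self._counter, self._counter + window):
            if hmac.compare_digest(hotp(self._key, c), otp) and pin_ok:
                self._counter = c + 1            # every accepted code is burned
                return True
        return False

# Constructed sample values: the RFC 4226 test key and an arbitrary PIN.
DEVICE_KEY = b"12345678901234567890"
PIN = "4821"

def demo() -> dict:
    server = BankServer(PIN, DEVICE_KEY)
    first = hotp(DEVICE_KEY, 0)                  # generated on the device
    return {
        "pin_without_key": server.login(PIN, "000000"),   # PIN alone is not enough
        "legitimate": server.login(PIN, first),
        "replayed_code": server.login(PIN, first),        # used code is rejected
        "next_code": server.login(PIN, hotp(DEVICE_KEY, 1)),
    }

if __name__ == "__main__":
    print(demo())
```

The server accepts a login only when the PIN matches and the code was derived from the device key for a counter value it has not yet seen, so a PIN entered into a fake login screen does not authenticate on its own.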
To protect against these apps, ESET researchers recommend that, before installing, users check the popularity of the app and its ratings and reviews, in order to ensure the download is really what it purports to be.