ESET research finds Android users were the target of new banking malware with screen locking capabilities, which was disguised as a weather forecast app on Google Play.
ESET researchers discovered new variant of botnet-forming Android banking malware, detected by ESET asTrojan.Android/Spy.Banker.HU, based on source code made public a couple of months ago. Their investigation leads to a running C&C server and looks under the lid of an active Android botnet.
The new Android banking malware ESET recently discovered on Google Play was spotted in the wild again, now improved and targeting more banks. Further investigation of this resurfacing threat has uncovered its code was built using source code that was made public online a couple of months ago.
As it turns out, the malware is able to display fake notifications on infected devices, prompting the user to launch one of the targeted banking apps on behalf of an “Important message” from the respective bank. By doing so, malicious activity in the form of a fake login screen is triggered.
If you have recently installed a weather app from the Play Store, you might want to check if you haven’t been one of the victims of this banking trojan. To clean your device, you can turn to a trusted mobile security solution, such as ESET Mobile Security, or you can remove the malware manually.
You can read the full story on ESET Ireland’s Official Blog.