Posted on Tuesday, December 03 2019 @ 10:10 CET by Thomas De Maesschalck
ARS Technica
warns there's a new attack that targets fully patched Android phones. Cybercriminals are actively exploiting a spoofing vulnerability to attempt to drain victim's bank accounts. The Android bug enables malicious apps to camouflage themselves as legitimate banking apps. There are at least 36 apps out there that exploit this vulnerability, but none of them are found in the Google Play store. It seems the malware apps get installed via other methods, including through droppers apps and downloaders distributed on Google Play.
The vulnerability allows malicious apps to masquerade as legitimate apps that targets have already installed and come to trust, researchers from security firm Promon reported in a post. Running under the guise of trusted apps already installed, the malicious apps can then request permissions to carry out sensitive tasks, such as recording audio or video, taking photos, reading text messages or phishing login credentials. Targets who click yes to the request are then compromised.
Researchers with Lookout, a mobile security provider and a Promon partner, reported last week that they found 36 apps exploiting the spoofing vulnerability. The malicious apps included variants of the BankBot banking trojan. BankBot has been active since 2017, and apps from the malware family have been caught repeatedly infiltrating the Google Play Market.
