A security researcher is warning that an Android banking trojan BankBot has infected more than 400 bank apps on the Google Play store and is trying to steal login login credentials and credit card details.
The banking Trojan landed for the first time in January this year, when attackers used the source code of an unnamed Android banker. Attackers took the code and transformed it into BankBot. Research indicates that the Trojan has been used in attacks on banks in Russia, the UK, Austria, Germany, and Turkey.
BankBot has also been upgraded to conceal itself so that it avoids Google’s security scanner. Three different active campaigns have already been detected and taken down. In other words, Google has taken measures and has removed the infected apps carrying BankBot.
But as it often happens in the malware world, attackers were quick to react and replaced the eliminated apps with new ones. According to Securify, two new BankBot campaigns have been created and have once again bypassed Google’s security checks, meaning they could be found in the Play Store.