Securify – blog – Banking malware in Google Play targeting many new apps
While casually browsing my daily notifications on Koodous, I found banking malware on Google Play, which has many new banking app targets in its configuration. A new sample was flagged by one of my BankBot rules: Funny Videos 2017. It struck me as different than the usual BankBot samples since it was tagged as using DexProtector, a tool to heavily obfuscate APKs. In addition, the app name wasn’t the usual popular name (i.e. Flash Player, HD Coded or Google Play Update), so I figured I’d check it out a bit more. Looking at the names of the activities and other manifest items, it seemed like a normal app with inserted malware. I had read about another sample of the malware recently that was inserted into an existing app and uploaded to Google Play, so I figured I would check Google Play just to be sure. Still, to my surprise, it was actually there in Google Play.
This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.