Security experts have warned about a dangerous form of banking malware that has managed to infiltrate the Google Play Store.
The malware has been hidden in what would at first sight appear to be inconspicuous flashlight and Solitaire apps.
A new report from cyber security firms, Avast, ESET and SfyLab say the so called BankBot malware has been infecting Android devices for months.
Once downloaded the app waits for unsuspecting users to open their banking app, which it then creates an overlay on top of the genuine app. Once the user enters their login details, the data is then recorded and sent back to the creators of the app.
The sophisticated malware can also break through two factor authentication by intercepting SMS messages to gain access to banking apps.
Google has removed some versions of the infected apps, but others were still infecting devices as recently as November 17th.
The apps are using a range of different techniques in order to avoid detection from Google’s security checks, security experts said.
The malware was first discovered in a number of different apps including Tornado FlashLight, SeaFlashLight and Lamp for DarkNess, as well as in a number of smartphone cleaning apps.
Security experts said they had identified 160 of the infected apps and that 132 had been removed from the Google Play Store.
The malware has infected users around the world, researchers said, including in Singapore, the Philippines, the US, France, Germany, Australia and Russia.
In order to protect yourself from mobile banking trojans security firm Avast recommends the following:
- Confirm that the app you are using is a verified banking app. If the interface looks unfamiliar or odd, double-check with the bank’s customer service team
- Use two-factor authentication if your bank offers it as an option.
- Only rely on trusted app stores, such as Google Play or Apple’s App Store. Even though the malware slipped into Google Play, its payload was downloaded from an external source. If you deactivate the option to download apps from other sources, you will be safe from this type of banking trojan activating on your phone
- Before downloading a new app, check its user ratings. If other users are complaining about a bad user experience, it might be an app to avoid
- Pay attention to the permissions an app requests. If a flashlight app requests access to your contacts, photos and media files, treat this as a red flag.
- Often, malware will ask to become device administrator to get control over your device. Don’t give this permission to an app unless you know this really is necessary for an app to work.Use a security app like Avast Mobile Security or AVG Antivirus for Android that detects and protects you from BankBot