Security researchers from Russian firm Dr.Web have discovered a new banking trojan namedthat hides inside a game cheating tool for Android users.
Google didn’t name it’s app store the “Play” Store for nothing because it knew very well that games would take up most of our time while on our devices, and they were right.
The Play Store currently harbors millions of games, from the most simple word puzzles to full-on sports simulators such as EA Madden Mobile.
Android.BankBot hides inside game cheating tool called HACK
As is with desktops, not all users are apt at playing these games, and some will feel the need to cheat their way to a round’s top score, or when playing against their friends.
The world of game cheating tools didn’t stop with desktops, and there are plenty such tools available for Android devices. Dr.Web security researchers are now warning users not to fall victim to their pride and narcissism, and stay away from such tools.
The company is basing its advice on their recent discovery of a game cheating app for Android games simplistically called HACK.
HACK needs administrator rights to function
Crooks are distributing this app from third-party stores, and users that install it are immediately prompted to give it administrator rights.
Once it gets them, then you probably know what happens. HACK hides its icon from the home screen, fingerprints the infected device, and starts communicating with a central command server.
From there crooks tell it to harvest login credentials for the user’s banking apps, and then instruct it to exfiltrate funds from the compromised account.
To go around two-factor authentication procedures, Android.BankBot can intercept and send USSD requests, SMS, and even reroute calls.
Android.BankBot is not as dangerous as Fanta SDK
Despite this, the app is not as dangerous as an Android banking trojan discovered by Trend Micro called, which if gets caught, locks the users device with a random PIN, in order to empty his bank account of all money.
Trend Micro said they found Fanta SDK on the same servers used to distribute other Android banking trojans such as. Dr.Web also revealed that the same Web server that distributed the HACK app was also spreading ZBot as well.
Below is a screenshot of the malicious app’s required privileges, and then the app requesting the user for administrator rights.