By GoldSparrow in Trojans

Banker.BR is a banking Trojan that targets Android mobile devices and appears to originate from Brazil; its victims are spread across South America. A device protected by a legitimate, up-to-date anti-malware application should be able to block it, but an unprotected device is at real risk.

The operators distribute Banker.BR through fake messages that lure users to a malicious website. That page asks the visitor to download and install an 'enhanced security application', which is not a security product at all but a Banker.BR variant. Once it is installed, the Trojan collects basic device information (OS version, IMEI, SIM ID and similar identifiers) and abuses Android's accessibility services to grant itself additional permissions, which let it monitor the victim's activity. When the user opens one of the banking portals the Trojan targets, it spawns a bogus pop-up window.

That pop-up is a fake overlay designed to phish the user's login credentials. Banker.BR supports only a limited set of banking portals and triggers only when one of them is opened. Its authors have not put much effort into making the scheme seamless: the overlay images are of low quality, and most users should notice that something is wrong. Users who miss the red flags, however, may hand their credentials to the attackers and suffer significant financial losses. Banker.BR also attempts to bypass SMS-based two-factor authentication (2FA) by monitoring the user's text messages, which lets it harvest the one-time confirmation codes that banks send.

The good news is that Banker.BR uses a single hardcoded C&C (Command & Control) server. Once that server is taken down or blocked, existing infections can no longer receive commands or exfiltrate data, which renders the threat inert until the attackers ship a rebuilt sample with a new address. Until then, the Trojan can still cause serious harm, so make sure to protect your Android device with a genuine anti-malware application.
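The capabilities described in the two paragraphs above (accessibility-service abuse, SMS interception for 2FA codes, overlays over banking apps, IMEI/SIM collection) and the single hardcoded C&C server all leave traces in a decoded APK. The following Python script is an added example, not code from this article and not Banker.BR's own code: it performs a static triage of a decoded AndroidManifest.xml and a `strings` dump of classes.dex, flags those capabilities and extracts hardcoded URLs as C&C candidates for blocking. The manifest and strings dump are constructed samples modelled on the description; the package name, the class names, the `c2.invalid` host and the scoring weights are assumptions. On a real sample you would decode the APK first (for example `apktool d sample.apk`) and run `strings` over classes.dex.

```python
"""Static triage of a decoded Android APK for the capabilities described above:
accessibility-service abuse, SMS interception, screen overlays, device-identifier
collection and a hardcoded C&C URL. All inputs below are constructed samples."""
import re
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"


def android_attr(name: str) -> str:
    """Qualified attribute name for android:<name> as ElementTree sees it."""
    return f"{{{ANDROID_NS}}}{name}"


# Constructed AndroidManifest.xml (as apktool would decode it), modelled on the
# behaviour described in the text. Package and class names are placeholders.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.enhancedsecurity">
    <uses-permission android:name="android.permission.INTERNET"/>
    <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
    <uses-permission android:name="android.permission.RECEIVE_SMS"/>
    <uses-permission android:name="android.permission.READ_SMS"/>
    <uses-permission android:name="android.permission.SYSTEM_ALERT_WINDOW"/>
    <application android:label="Enhanced Security">
        <service android:name=".A11yService"
                 android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE">
            <intent-filter>
                <action android:name="android.accessibilityservice.AccessibilityService"/>
            </intent-filter>
        </service>
        <receiver android:name=".SmsReceiver">
            <intent-filter android:priority="999">
                <action android:name="android.provider.Telephony.SMS_RECEIVED"/>
            </intent-filter>
        </receiver>
    </application>
</manifest>
"""

# Constructed excerpt of `strings classes.dex`; c2.invalid is a placeholder, not a real C&C.
SAMPLE_STRINGS = """Landroid/telephony/TelephonyManager;
getDeviceId
getSimSerialNumber
http://c2.invalid/panel/gate.php
overlay_bank1.png
Ljava/net/HttpURLConnection;
"""

# Permissions that map onto the capabilities the text describes.
SUSPICIOUS_PERMISSIONS = {
    "android.permission.READ_PHONE_STATE": "reads IMEI and SIM identifiers",
    "android.permission.RECEIVE_SMS": "intercepts incoming SMS (2FA codes)",
    "android.permission.READ_SMS": "reads stored SMS (2FA codes)",
    "android.permission.SYSTEM_ALERT_WINDOW": "draws overlays over other apps",
}
# TelephonyManager methods used to collect device identifiers.
IDENTIFIER_APIS = {"getDeviceId": "IMEI", "getSimSerialNumber": "SIM serial"}
URL_RE = re.compile(r"https?://[A-Za-z0-9.\-]+(?::\d+)?(?:/[^\s\"']*)?")


def analyse_manifest(manifest_xml: str) -> dict:
    """Pull the capability-related facts out of a decoded manifest."""
    root = ET.fromstring(manifest_xml)
    found = {"permissions": {}, "accessibility_service": False, "sms_receiver_priority": None}
    for node in root.iter("uses-permission"):
        name = node.get(android_attr("name"), "")
        if name in SUSPICIOUS_PERMISSIONS:
            found["permissions"][name] = SUSPICIOUS_PERMISSIONS[name]
    for svc in root.iter("service"):
        # An accessibility service must be guarded by BIND_ACCESSIBILITY_SERVICE.
        if svc.get(android_attr("permission")) == "android.permission.BIND_ACCESSIBILITY_SERVICE":
            found["accessibility_service"] = True
    for flt in root.iter("intent-filter"):
        actions = {a.get(android_attr("name")) for a in flt.iter("action")}
        if "android.provider.Telephony.SMS_RECEIVED" in actions:
            # A high priority lets the receiver see an SMS before the default app does.
            found["sms_receiver_priority"] = int(flt.get(android_attr("priority"), "0"))
    return found


def extract_c2_candidates(strings_dump: str) -> list:
    """Hardcoded URLs in the strings dump are C&C candidates worth blocking."""
    return sorted(set(URL_RE.findall(strings_dump)))


def extract_identifier_apis(strings_dump: str) -> list:
    """TelephonyManager identifier methods referenced by the code."""
    return sorted(api for api in IDENTIFIER_APIS if api in strings_dump.split())


def triage(manifest_xml: str, strings_dump: str):
    """Heuristic score (weights are assumptions): +1 per suspicious permission,
    +2 accessibility service, +1 high-priority SMS receiver, +2 hardcoded URL,
    +1 identifier collection. Returns (score, reasons)."""
    facts = analyse_manifest(manifest_xml)
    score, reasons = 0, []
    for perm, why in facts["permissions"].items():
        score += 1
        reasons.append(f"{perm}: {why}")
    if facts["accessibility_service"]:
        score += 2
        reasons.append("declares an accessibility service (can grant itself permissions)")
    if (facts["sms_receiver_priority"] or 0) > 0:
        score += 1
        reasons.append(f"SMS_RECEIVED receiver with priority {facts['sms_receiver_priority']}")
    c2 = extract_c2_candidates(strings_dump)
    if c2:
        score += 2
        reasons.append("hardcoded URL(s): " + ", ".join(c2))
    if extract_identifier_apis(strings_dump):
        score += 1
        reasons.append("calls TelephonyManager identifier APIs")
    return score, reasons


if __name__ == "__main__":
    total, why = triage(SAMPLE_MANIFEST, SAMPLE_STRINGS)
    print(f"score={total}")
    for line in why:
        print(" -", line)
```

The combination of an accessibility service with a high-priority SMS_RECEIVED receiver is the strongest single signal here, since legitimate apps rarely need both; the URLs that `extract_c2_candidates` returns are what you would feed to a DNS or proxy blocklist to cut an infection off from its only C&C server.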
