It’s a misconception that malware is limited to the world of computers. There are plenty of malware threats for mobile devices, including Android. BasBanke is the name of an Android malware family that appears to be targeted towards Brazil. BasBanke includes a banking trojan designed to steal victims' financial information, such as debit and credit card numbers, online banking credentials, and more. The malware first appeared during the 2018 Brazilian elections and had over 10,000 installations from the Google Play Store by April 2019.
What Does BasBanke Do?
The BasBanke malware performs a range of tasks, including screen recording, keystroke logging, SMS interception, and stealing financial information, including credit card numbers. The creators of the malware advertise it as a legitimate app through Facebook and WhatsApp to trick users into downloading it. The new URLs for the campaign contain redirects to the official Google Play Store, where the app can still be downloaded, or to a malicious website hosting compromised APK files.
An Emerging Threat
There are more malicious applications on the Google Play Store than most would realize. These applications disguise themselves with fake features, posing as QR reader apps, as legitimate apps, and, in one of the most popular moves, as social media apps that claim to tell people who visited their profiles.
One of the most common Android malware programs spreads through a fake version of the CleanDroid app. The app is advertised on Facebook and hosted on the Google Play Store. The app promises a range of capabilities, including protecting a device from viruses, optimizing memory space, and saving mobile data on 3G and 4G connections. The reality is that this app is a banking trojan.
There are a significant number of applications and websites targeting banks, in particular Brazilian financial institutions. These banking trojans also steal several pieces of metadata from the target device, including the IMEI, device name, and phone number. This information is sent to a C2 server because the attackers need it to successfully mimic legitimate access to the stolen accounts.
Different banking trojans may have different targets, but all of them are on the hunt for financial institutions. What makes BasBanke stand out among the crowd is that it uses Facebook and WhatsApp for distribution and appears to be much better distributed than other similar malware. The banking trojan has also shown how flawed the Google Play Store, in particular the Play Protect feature, can be. The attackers have had no problem hosting their malware on legitimate sources.
How to Avoid BasBanke and Other Banking Trojans
Sticking to the Google Play Store is one of the easiest ways to avoid trojans. You should still practice some caution when using the store, however, as BasBanke and other trojans have made their way onto the official store. While the Play Store does have anti-fraud protection, there can be some time between a malicious app being uploaded and removed. Check the reviews for an app before downloading it to make sure that it is a legitimate app you can trust. It also helps to look into the company behind the app for added peace of mind.
While some apps from outside the official store can be trusted, they should be thoroughly scrutinized. Avoid using unreviewed and unofficial application sources as much as possible, including downloading APK files from websites. The warning against untrusted download sources applies in particular to apps sent through social media and messenger apps, no matter the source of the message. BasBanke can have severe repercussions for you, your device, and your finances. The risk is not worth it.
Mobile users should consider getting some protection for their device in the form of antivirus apps. Even if these apps are unable to retrieve the stolen information, they should be able to detect and remove threats such as BasBanke. If you take the time to protect your computer, you should also take the time to protect your mobile device.
BasBanke is distributed through smart measures that show the creators behind it know what they are doing. The attackers clearly have an understanding of how people use the internet and mobile devices. It is up to those users to meet the challenge of threats such as BasBanke by being just as smart about how they use – and protect – their devices.