BianLian Banking Trojan

BianLian Banking Trojan Description

The BianLian Banking Trojan is dropped on users' Android devices by malicious loaders that masquerade as seemingly useful applications. Sometimes, such fake applications manage to bypass the security measures of legitimate application stores and get distributed through official channels. In most cases, however, users get infected after downloading the weaponized application from a dubious application platform or store. Cybersecurity researchers have also observed BianLian being dropped alongside another malware threat named Anubis.

Once BianLian has been deployed on the Android device, it allows the attackers to perform numerous intrusive actions. The main functionality of the threat is performing overlay attacks. The malware creates a fake login screen that appears identical to that of one of the targeted legitimate applications. When users enter their account credentials, the information is transmitted to the attackers. The threat has been confirmed to target applications of several banking and financial institutions, as well as cryptocurrency applications.

In addition, BianLian can send text messages or intercept incoming ones. Through the malware, the attackers can also make phone calls, show push notifications, record the screen of the device and create an SSH server.