A new Android banking trojan named BlankBot has been discovered by threat intelligence experts. It is capable of capturing SMS text messages, banking information and even the user’s device lock pattern and PIN, as reported by Forbes.
Most concerning, BlankBot is invisible to most antivirus software.
The trojan was first spotted on July 24 by researchers at the threat intelligence firm Intel 471.
According to the researchers, the banking trojan has a range of malicious capabilities, which could grow over time:
- Custom injections
- Keylogging
- Screen recording
- Communication with a control server over a WebSocket connection
*Who does BlankBot target, and how does it work?
BlankBot targets users of Android 13 and newer. It is distributed disguised as various utility applications, and it does not appear to be detected by many antivirus programs.
BlankBot gains total control over the infected device once the user enables Android accessibility services for it. The infection proceeds as follows:
- Once the user installs the app, they are prompted to grant accessibility permission; a message explains that these permissions are needed for the app to run properly.
- Once the user grants the permission, a black screen appears stating that an app update is underway and advising the user not to touch anything. In the background, the app starts connecting to a malicious control server.
- The app checks the operating system version; if it finds Android 13 or newer, it uses the ‘session-based package installer’ feature, which can bypass Android’s restricted settings.
BlankBot maintains persistence on the infected device by preventing the user from doing a number of things, such as accessing the settings.
*How to mitigate a BlankBot infection?
As the researchers note, BlankBot is under active development, with multiple code variants seen to date. It can still be stopped by following some basic security advice:
- First, users should avoid side-loading anything and rely only on official app stores for downloads.
- Second, users should be aware of the accessibility permissions they grant, as those permissions give an app complete control over the device.
- Users should always think about the permissions an app asks for, and check whether alternative apps from official sources offering the same utility require such risky permissions.
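The accessibility-permission advice above is something a defender can check directly rather than take on trust. The following shell snippet is an added example, not code from the article or from Intel 471: it parses the value Android stores in the `enabled_accessibility_services` secure setting (read on a connected device with `adb shell settings get secure enabled_accessibility_services`, which prints `null` when nothing is enabled and otherwise a colon-separated list of `package/ServiceClass` entries) and lists every enabled accessibility service that is not on an allowlist. The allowlist contents, the sample input and the `com.example.fileutility` package are assumptions constructed for the example; only the TalkBack entry is a real service.

```shell
#!/bin/sh
# Added example, not from the article or from Intel 471: audit which apps hold
# Android accessibility service access, the permission BlankBot depends on.
# On a real device the input string comes from
#   adb shell settings get secure enabled_accessibility_services
# which prints "null" when nothing is enabled, otherwise a colon-separated list
# of "package/ServiceClass" entries.

# Services you expect to see enabled. Assumption: illustrative allowlist only;
# TalkBack's entry is real, the rest of your allowlist is yours to build.
ALLOWLIST="com.google.android.marvin.talkback/com.google.android.marvin.talkback.TalkBackService"

# unexpected_services SERVICES_STRING
# Prints every enabled accessibility service not on ALLOWLIST, one per line.
# Empty output means nothing unexpected holds accessibility access.
unexpected_services() {
    services="$1"
    # "null" or an empty string means no accessibility service is enabled.
    if [ -z "$services" ] || [ "$services" = "null" ]; then
        return 0
    fi
    old_ifs="$IFS"
    IFS=':'                      # split the setting on ':' into entries
    for entry in $services; do
        [ -n "$entry" ] || continue
        case ":$ALLOWLIST:" in
            *":$entry:"*) ;;                 # expected service, nothing to report
            *) printf '%s\n' "$entry" ;;     # unknown service: investigate this package
        esac
    done
    IFS="$old_ifs"
}

# Constructed sample: TalkBack plus a "utility" app that also obtained
# accessibility access; the second package name is made up for this example.
SAMPLE="com.google.android.marvin.talkback/com.google.android.marvin.talkback.TalkBackService:com.example.fileutility/com.example.fileutility.HelperService"

# Usage on a live device (with adb attached and USB debugging enabled):
#   unexpected_services "$(adb shell settings get secure enabled_accessibility_services | tr -d '\r')"
unexpected_services "$SAMPLE"
```

Any package this prints deserves a closer look: a file manager, cleaner or similar utility has no legitimate need for accessibility control, and revoking that grant (or uninstalling the app) removes the foothold described above. The same check is cheap to run across a fleet of managed devices.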