Android News

BlankBot trojan – The new threat for Android 13 or later versions

Divya is an enthusiastic tech writer who has been writing about Android and tech news, apps, gadgets and the web since 2017. She simplifies complex tech concepts to provide practical insights to users of all levels so they can make the most of their Android devices.

A new Android banking trojan named BlankBot has been discovered by threat intelligence experts. It is capable of capturing SMS text messages, banking information and even the user’s device lock pattern and PIN. This has been reported by Forbes.

And the most concerning thing is that the BlankBot trojan is invisible to most antivirus software.

The new Android banking trojan was first spotted on July 24 by researchers at threat intelligence outfit Intel 471.

The researchers said the banking trojan has a range of malicious capabilities, which could increase over time. These are:

  • Customer injections
  • Keylogging
  • Screen Recording
  • Communication with a control server over a WebSocket connection.


*Who are the targets of the BlankBot trojan and how does it work?

The BlankBot trojan targets users of Android 13 and newer. It is distributed as various utility applications, and it doesn’t appear to be detected by many antivirus programs.

The BlankBot trojan gains total control over the infected device once the user enables Android accessibility services. Let’s look at how BlankBot works:

  • Once the user installs the app, they are prompted to grant the accessibility permission, with a message explaining that the permission is needed for the app to run properly.
  • Once the user grants the permission, a black screen appears saying that an update of the app is underway and advising the user not to touch anything. In the background, the app starts connecting to a malicious control server.
  • The app checks the operating system version, and if Android 13 or newer is found, it uses the ‘session-based package installer’ feature, which can even bypass the restricted settings.

The BlankBot trojan maintains persistence on infected devices by preventing the user from doing a number of things; accessing settings is one example.

 

*How to mitigate a BlankBot trojan infection?

As mentioned by the researchers, the BlankBot trojan is under active development, with multiple code variants seen to date. Well, it can be stopped by following some basic security advice:

  1. Firstly, users need to avoid side-loading anything and rely only on official app stores for downloads on the device.
  2. Secondly, users should be aware of the accessibility permissions they grant, as this permission gives an app complete control over their device.
  3. Users should always think about the permissions an app asks for, and check against alternative apps from official sources whether the same kind of utility asks for such risky permissions or not.
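
The second and third points can also be checked on a device over adb. The script below is an added example, not code from this article or from the Intel 471 research: it lists enabled accessibility services whose package was neither preinstalled nor installed by an official store. The trusted installer set, the package names and the sample command output are assumptions constructed for illustration.

```python
import subprocess

# Assumption: only Google Play counts as an official store; extend for your fleet.
TRUSTED_INSTALLERS = {"com.android.vending"}

def parse_services(raw):
    """`settings get secure enabled_accessibility_services` prints
    colon-separated package/ServiceClass entries, or 'null' when none are set."""
    raw = raw.strip()
    if raw in ("", "null"):
        return []
    return [tuple(e.split("/", 1)) for e in raw.split(":") if "/" in e]

def parse_packages(raw):
    """`pm list packages [-i|-s]` prints 'package:<name>  installer=<name>'
    (installer field only with -i). Returns {package: installer}."""
    result = {}
    for line in raw.splitlines():
        fields = line.strip().split()
        if not fields or not fields[0].startswith("package:"):
            continue
        installer = next((f[10:] for f in fields[1:] if f.startswith("installer=")), "null")
        result[fields[0][8:]] = installer
    return result

def audit(services_raw, installers_raw, system_raw):
    """Return (package, service, installer) for each enabled accessibility
    service whose package is neither preinstalled nor store-installed."""
    installers = parse_packages(installers_raw)
    system = set(parse_packages(system_raw))
    findings = []
    for pkg, svc in parse_services(services_raw):
        installer = installers.get(pkg, "unknown")
        if pkg not in system and installer not in TRUSTED_INSTALLERS:
            findings.append((pkg, svc, installer))
    return findings

# Constructed sample output (not taken from a real device or from BlankBot).
SAMPLE_SERVICES = ("com.google.android.marvin.talkback/.TalkBackService:"
                   "com.example.flashlight/com.example.flashlight.HelperService")
SAMPLE_INSTALLERS = ("package:com.google.android.marvin.talkback  installer=com.android.vending\n"
                     "package:com.example.flashlight  installer=null\n")
SAMPLE_SYSTEM = "package:com.android.settings\n"

def adb_shell(*args):
    """Run a command on the connected device; pass its output to audit()."""
    return subprocess.run(["adb", "shell", *args], capture_output=True,
                          text=True, check=True).stdout

if __name__ == "__main__":
    print(audit(SAMPLE_SERVICES, SAMPLE_INSTALLERS, SAMPLE_SYSTEM))
```

On a real device, feed `audit()` the output of `adb_shell("settings", "get", "secure", "enabled_accessibility_services")`, `adb_shell("pm", "list", "packages", "-i")` and `adb_shell("pm", "list", "packages", "-s")`.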