New "BasBanke" Android malware stealing financial data such as credentials and credit / debit card numbers

Researchers found a new Android malware known as "BasBanke" that targets Brazilian users to steal sensitive financial information such as credentials and credit / debit card numbers.
With over 10,000 installations from the official Google Play Store alone, a new Brazilian banking trojan, dubbed BasBanke, is setting trends in Brazil.

According to a blog post published on April 4, Kaspersky Labs researchers saw the malware start making the rounds during the country's 2018 election and found that it has credential-stealing and keylogging capabilities.

In this case, CleanDroid is the malicious app; it was advertised on Facebook with a download link to the Google Play Store. The app is one of the most common malicious applications.

"This fake app ensures that the victim device is protected from viruses, that memory space will be optimized and data saved when using a 3G or 4G connection. In fact, it's banking malware."

Malicious apps from the Play Store

The malicious Android apps hosted in the Google Play Store posed as applications with supposed functionality such as a secure QR reader, a fake app for a real travel agency with travel deals, and, implementing a well-known trick, an application to "see who visited your profile."
Once targeted users have been convinced to install them, the malicious apps gather metadata such as the device name, IMEI and telephone number and send it to the attacker via the C2 server.

IOC
Hashes
