
Android.Fakebank.B malware variants trick users through social engineering

30 Nov 2016

Symantec is warning Android users to watch out for banking malware that whitelists itself to stay active and monitored by attackers.

The latest variants of the Android.Fakebank.B malware have used social engineering to bypass the battery-saving functions and constantly stay active in the background of Android devices, the company says.

The malware does this by displaying a popup that asks users to add the malware to the battery optimisations exceptions whitelist. If accepted, the malware stays connected to command and control servers at all times.

The malware can also bypass Doze, the power-saving feature in Android Marshmallow (6.0). Doze can initially conserve battery by restricting apps' network and CPU access, and Symantec says Doze is a 'hurdle' for banking malware that attempts to connect to command and control servers.

Figure 1: Code responsible for triggering Battery Optimisations exceptions whitelist pop-up

Symantec says that Marshmallow classes permissions as normal, dangerous and above dangerous. Those classed as normal are automatically approved and can't be disabled.

The malware uses REQUEST_IGNORE_BATTERY_OPTIMIZATIONS, a permission that is classified as normal. As a result, a popup appears that can trick users into allowing the malware to bypass Doze restrictions.

Figure 2: Malware prompt claims that the app is called “Chrome” and requests whitelisting

Symantec recommends that users:

  • Keep mobile device software up to date
  • Only install apps from trusted sources
  • Do not download apps from unfamiliar sites
  • Scrutinise what permissions the apps want and why
  • Use mobile security apps to protect data and devices
  • Make regular backups of important data
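
An audit of the whitelist described above, as an added example that is not from Symantec or the original article: it parses the `type,package,uid` rows that `adb shell dumpsys deviceidle whitelist` is assumed to print and reports apps exempted through the user prompt that are not on an expected list. The sample rows, package names, UIDs and the `EXPECTED_APPS` list are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit the Doze battery-optimisation whitelist for user-added apps.
# Assumed input format: one "type,package,uid" row per line, as printed by
#   adb shell dumpsys deviceidle whitelist

# Constructed sample output (package names and UIDs are made up).
SAMPLE_WHITELIST='system-excidle,com.android.providers.downloads,10008
system,com.google.android.gms,10014
user,com.example.messenger,10091
user,com.example.fake.chrome,10123'

# Apps the device owner knowingly exempted (hypothetical allowlist).
EXPECTED_APPS='com.example.messenger'

# Read whitelist rows on stdin; print packages exempted via the user prompt.
# Rows of type "system" and "system-excidle" ship with the device image.
user_whitelisted() {
    awk -F, '$1 == "user" && NF >= 2 { print $2 }'
}

# Read whitelist rows on stdin; print user-exempted packages that are
# not in the newline-separated allowlist passed as $1.
unexpected_whitelisted() {
    expected="$1"
    user_whitelisted | while IFS= read -r pkg; do
        if ! printf '%s\n' "$expected" | grep -Fxq -- "$pkg"; then
            printf '%s\n' "$pkg"
        fi
    done
}

# On a connected device, feed real output instead of the sample:
#   adb shell dumpsys deviceidle whitelist | tr -d '\r' \
#       | unexpected_whitelisted "$EXPECTED_APPS"
printf '%s\n' "$SAMPLE_WHITELIST" | unexpected_whitelisted "$EXPECTED_APPS"
```

Any package this reports was granted a Doze exemption that nobody recorded as intended, which is the state the whitelist prompt described above is designed to produce.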