
Android.Fakebank.B malware variants trick users through social engineering

30 Nov 2016

Symantec is warning Android users to watch out for banking malware that whitelists itself so it stays active and can be monitored by attackers.

The latest variants of the Android.Fakebank.B malware have used social engineering to bypass the battery-saving functions and constantly stay active in the background of Android devices, the company says.

The malware does this by displaying a popup that asks users to add the malware to the battery optimisations exceptions whitelist. If accepted, the malware stays connected to command and control servers at all times.

The malware can also bypass Doze, the power-saving feature in Android Marshmallow (6.0). Doze can initially conserve battery by restricting apps' network and CPU access, and Symantec says Doze is a 'hurdle' for banking malware that attempts to connect to command and control servers.

Figure 1: Code responsible for triggering Battery Optimisations exceptions whitelist pop-up

Symantec says that Marshmallow classes permissions as normal, dangerous and above dangerous. Those classed as normal are automatically approved and can't be disabled.

The malware uses REQUEST_IGNORE_BATTERY_OPTIMIZATIONS, a permission that is classified as normal. As a result, a popup appears that can trick users into allowing the malware to bypass Doze restrictions.

Figure 2: Malware prompt claims that the app is called “Chrome” and requests whitelisting
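
A static check for the two traits described above (the Doze-exemption permission and a borrowed "Chrome" label), as an added example that is not Symantec's code or part of the original article. It assumes a manifest already decoded to text XML (for instance by apktool); the package names, the label table and both sample manifests are constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
DOZE_PERMISSION = "android.permission.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS"
# Assumed mapping of well-known labels to their genuine package names.
KNOWN_LABELS = {"chrome": "com.android.chrome"}

# Constructed sample manifests (decoded text XML, not taken from the malware).
SUSPECT_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.updater">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS"/>
  <application android:label="Chrome"/>
</manifest>"""

BENIGN_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.notes">
  <uses-permission android:name="android.permission.INTERNET"/>
  <application android:label="Notes"/>
</manifest>"""


def audit_manifest(xml_text):
    """Return a list of findings for one decoded AndroidManifest.xml."""
    root = ET.fromstring(xml_text)
    package = root.get("package", "")
    permissions = {el.get(ANDROID_NS + "name") for el in root.iter("uses-permission")}
    app = root.find("application")
    label = (app.get(ANDROID_NS + "label", "") if app is not None else "").strip()

    findings = []
    # Normal-level permission: granted at install, so the manifest is the place to spot it.
    if DOZE_PERMISSION in permissions:
        findings.append("requests-doze-exemption")
    # A label given as a resource reference (@string/...) is not resolved here.
    expected = KNOWN_LABELS.get(label.lower())
    if expected and package != expected:
        findings.append("label-impersonates:" + expected)
    return findings


if __name__ == "__main__":
    for name, text in (("suspect", SUSPECT_MANIFEST), ("benign", BENIGN_MANIFEST)):
        print(name, audit_manifest(text))
```

The permission alone is not proof of malice, since legitimate apps also request it; the finding is worth escalating when it appears together with a label that belongs to a different package.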

Symantec recommends that users:

  • Keep mobile device software up to date
  • Only install apps from trusted sources
  • Do not download apps from unfamiliar sites
  • Scrutinise what permissions the apps want and why
  • Use mobile security apps to protect data and devices
  • Make regular backups of important data