
Android.Fakebank.B malware variants trick users through social engineering

30 Nov 16

Symantec is warning Android users to watch out for a banking malware that is whitelisting itself to stay active and monitored by attackers.

The latest variants of the Android.Fakebank.B malware have used social engineering to bypass the battery-saving functions and constantly stay active in the background of Android devices, the company says.

The malware does this by displaying a popup that asks users to add the malware to the battery optimisations exceptions whitelist. If accepted, the malware stays connected to command and control servers at all times.

The malware can also bypass Doze, the power-saving feature in Android Marshmallow (6.0). Doze can initially conserve battery by restricting apps' network and CPU access, and Symantec says Doze is a 'hurdle' for banking malware that attempts to connect to command and control servers.

Figure 1: Code responsible for triggering Battery Optimisations exceptions whitelist pop-up

Symantec says that Marshmallow classes permissions as normal, dangerous and above dangerous. Those classed as normal are automatically approved and can't be disabled.

The malware uses REQUEST_IGNORE_BATTERY_OPTIMIZATIONS, a permission that is classified as normal. As a result, a popup appears that can trick users into allowing the malware to bypass Doze restrictions.

Figure 2: Malware prompt claims that the app is called “Chrome” and requests whitelisting
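
A defender can check which apps a user has already exempted from Doze. The sketch below is an added example, not code from Symantec or from the original article: it parses the `source,package,uid` lines that `adb shell dumpsys deviceidle whitelist` prints and flags user-granted exemptions held by sideloaded apps or by apps borrowing a well-known label such as "Chrome". The sample output, the inventory and the reference lists are constructed, hypothetical values.

```python
# Constructed sample of `adb shell dumpsys deviceidle whitelist` output:
# "<source>,<package>,<uid>"; "user" marks an exemption granted by the user.
SAMPLE_WHITELIST = """\
system-excidle,com.android.providers.downloads,10012
system,com.google.android.gms,10018
user,com.example.messenger,10131
user,com.example.updater,10147
"""

# Constructed inventory (hypothetical): package -> (label, installer package).
SAMPLE_INVENTORY = {
    "com.example.messenger": ("Messenger", "com.android.vending"),
    "com.example.updater": ("Chrome", None),  # sideloaded, borrowed label
}
KNOWN_LABELS = {"Chrome": "com.android.chrome"}  # assumed: label -> owner
TRUSTED_INSTALLERS = {"com.android.vending"}  # assumed trusted sources


def parse_whitelist(text):
    """Yield (source, package, uid) from deviceidle whitelist output."""
    for line in text.splitlines():
        parts = line.strip().split(",")
        if len(parts) == 3 and parts[2].isdigit():  # skip unexpected lines
            yield parts[0], parts[1], int(parts[2])


def audit(whitelist_text, inventory):
    """Map each user-whitelisted package that merits review to its reasons."""
    findings = {}
    for source, package, _uid in parse_whitelist(whitelist_text):
        if source != "user":
            continue  # system entries ship with the device image
        label, installer = inventory.get(package, (None, None))
        reasons = []
        if package not in inventory:
            reasons.append("not in inventory")
        if installer not in TRUSTED_INSTALLERS:
            reasons.append("untrusted installer")
        owner = KNOWN_LABELS.get(label)
        if owner and owner != package:
            reasons.append(f"label '{label}' belongs to {owner}")
        if reasons:
            findings[package] = reasons
    return findings


if __name__ == "__main__":
    for pkg, why in audit(SAMPLE_WHITELIST, SAMPLE_INVENTORY).items():
        print(pkg, "->", "; ".join(why))
```
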

Symantec recommends that users:

  • Keep mobile device software up to date
  • Only install apps from trusted sources
  • Do not download apps from unfamiliar sites
  • Scrutinise what permissions the apps want and why
  • Use mobile security apps to protect data and devices
  • Make regular backups of important data