Android malware Banker.BR Trojan targets users via phishing messages

Researchers are sounding the alarm about a new piece of Android malware, specifically a banking Trojan. The research comes from IBM’s X-Force, which discussed the nature of the banking Trojan (dubbed “Banker.BR”) in a blog post. According to the researchers, the Banker.BR Trojan is built from the source code of SMSstealer.BR.

Furthermore, Banker.BR appears to target only Spanish- and Portuguese-speaking users. The highest concentrations of infections appear to be in Spain, Portugal, and Brazil, but much of Latin America has seen infections as well.

The Banker.BR Trojan is spread via phishing messages that redirect to a malicious web page. This web page, as one might guess, has the user download the Trojan’s payload under the guise of a “security update.” The same supposed security update is mentioned in the initial phishing message that lures victims to the page.

It should be noted that to install this Android malware, users must first allow third-party applications (apps from sources other than Google Play). That prompt should be an automatic alarm bell for users, but unfortunately it is not enough. Google Play has its own issues with Android malware, but the rate of infection is always higher when apps come from unvetted third-party sources. The download page looks authentic enough to fool individuals, and as a result, they infect themselves.

As is the case with Trojans of this nature, Banker.BR exists to profit from its victims. It does this by stealing credentials, which, according to IBM X-Force, works as follows:

In its current state, this malware can enable phishing via an overlay attack, thereby stealing users’ online banking credentials, it can allow the attacker to take over users’ bank accounts, and it can enable the theft of two-factor authentication (2FA) codes sent via SMS. These elements can help attackers complete fraudulent transactions from victims’ bank accounts.
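The two capabilities described above, drawing fake login screens over a legitimate banking app (overlay phishing) and reading the SMS messages that carry 2FA codes, each require a specific Android permission: SYSTEM_ALERT_WINDOW for overlays and RECEIVE_SMS or READ_SMS for message access. A side-loaded app that holds both is the combination a defender should look at first. The following Python triage script is an added example and is not part of IBM X-Force's post or of any Banker.BR analysis: it parses the style of output produced by `adb shell dumpsys package`, which is embedded here as a constructed sample (the package names, hashes, and grants are made up), and flags packages that were installed from outside Google Play (installer package `com.android.vending`) and that hold the overlay and SMS permissions together.

```python
"""Triage helper: flag side-loaded Android apps whose granted permissions combine
screen overlays (SYSTEM_ALERT_WINDOW) with SMS access, the permission pairing an
overlay-phishing banking Trojan needs to steal logins and SMS-delivered 2FA codes.

Added example for this article; it is not code from IBM X-Force or the malware.
"""
import re
from dataclasses import dataclass, field
from typing import List, Set, Tuple

# Real Android permission names of interest.
OVERLAY = "android.permission.SYSTEM_ALERT_WINDOW"
SMS_PERMS = {"android.permission.RECEIVE_SMS", "android.permission.READ_SMS"}
# Google Play's installer package; anything else counts as side-loaded here.
TRUSTED_INSTALLERS = {"com.android.vending"}

# Constructed sample modelled on `adb shell dumpsys package <pkg>` output.
# Package names, hashes and grants are invented for the demonstration.
SAMPLE_DUMPSYS = """
Package [com.example.bank] (1a2b3c):
    installerPackageName=com.android.vending
    install permissions:
      android.permission.INTERNET: granted=true
    runtime permissions:
      android.permission.READ_SMS: granted=false
Package [com.fake.securityupdate] (4d5e6f):
    installerPackageName=null
    install permissions:
      android.permission.INTERNET: granted=true
      android.permission.SYSTEM_ALERT_WINDOW: granted=true
    runtime permissions:
      android.permission.RECEIVE_SMS: granted=true
      android.permission.READ_SMS: granted=true
"""

PACKAGE_RE = re.compile(r"^\s*Package \[([\w.]+)\]")
INSTALLER_RE = re.compile(r"^\s*installerPackageName=(\S+)")
PERM_RE = re.compile(r"^\s*([\w.]+): granted=(true|false)")


@dataclass
class PackageInfo:
    name: str
    installer: str = "null"          # dumpsys prints "null" for side-loads
    granted: Set[str] = field(default_factory=set)


def parse_dumpsys(text: str) -> List[PackageInfo]:
    """Collect each package's installer and the permissions actually granted."""
    packages: List[PackageInfo] = []
    current = None
    for line in text.splitlines():
        m = PACKAGE_RE.match(line)
        if m:
            current = PackageInfo(name=m.group(1))
            packages.append(current)
            continue
        if current is None:
            continue
        m = INSTALLER_RE.match(line)
        if m:
            current.installer = m.group(1)
            continue
        m = PERM_RE.match(line)
        if m and m.group(2) == "true":   # ignore requested-but-denied grants
            current.granted.add(m.group(1))
    return packages


def assess(pkg: PackageInfo) -> str:
    """Rate a package: overlay + SMS from a side-load is the worst combination."""
    sideloaded = pkg.installer not in TRUSTED_INSTALLERS
    overlay = OVERLAY in pkg.granted
    sms = bool(SMS_PERMS & pkg.granted)
    if overlay and sms and sideloaded:
        return "high"
    if overlay and sms:
        return "medium"
    if sideloaded and (overlay or sms):
        return "low"
    return "none"


def flag_suspicious(text: str, minimum: str = "medium") -> List[Tuple[str, str]]:
    """Return (package, risk) pairs at or above the requested risk level."""
    order = ["none", "low", "medium", "high"]
    results = []
    for pkg in parse_dumpsys(text):
        risk = assess(pkg)
        if order.index(risk) >= order.index(minimum):
            results.append((pkg.name, risk))
    return results


if __name__ == "__main__":
    for name, risk in flag_suspicious(SAMPLE_DUMPSYS, minimum="low"):
        print(f"{risk:6s} {name}")
```

On a real device the same functions can be fed the output of `adb shell dumpsys package` (or one `dumpsys package <pkg>` per package from `pm list packages -3`); a "high" result only says the app has the capabilities, so the next step is to check where it came from and what it actually draws over other apps.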

In case it wasn’t made obvious earlier on, preventing infection by Banker.BR comes down to resisting phishing messages. If you are prompted to download something from unknown sources, don’t do it. Trojans like Banker.BR are a lot easier to avoid than some may think; common-sense security habits are all it takes.

Featured image: Flickr / BenjaminThompson

Derek Kortepeter

Derek Kortepeter is a graduate of UCLA and a tech journalist committed to creating a society that is informed about information security. Kortepeter specializes in areas such as penetration testing, cryptography, cyber warfare, and governmental InfoSec policy.
