‘BankBot’ Malware Found Inside Various Flashlight and Solitaire Apps on the Play Store

Google may be taking more proactive steps to make the Play Store a safer place through a number of new initiatives including Google Play Protect, but Android’s malware problem is not showing any signs of abating, as noted by Nokia in its recently-released ‘Threat Intelligence Report for H2 2017′. A new report from security software-maker Avast now suggests that a number of innocuous-looking apps listed on the Play Store until as late as last Friday were actually concealing a dangerous malware that targeted banking transactions of unsuspecting victims. These apps included multiple flashlight, Solitaire and ‘trash cleaner’ apps that have now been removed from the Play Store by Google.

Known as ‘BankBot’, the malware is a new version of a well-known banking trojan that has been sneaking into the Play Store time and again this year. While Google previously removed BankBot-carrying apps from the Play Store within days, several apps with the latest version of the malware remained active until November 17th, infecting “thousands of users”, according to Avast. The trojan is generally undetectable on affected smartphones, but jumped into life whenever a victim opened up legitimate banking software from a number of banks in the U.S. and Europe. The malware then superimposed a fake UI over the clean banking app in an effort to collect the unsuspecting user’s bank details.

The malware also had the ability to intercept bank transaction authentication numbers (TANs) in some cases, allowing the cyber criminals to steal money from these accounts. The affected banks include Citibank, Wells Fargo and Chase in the U.S., Credit Agricole in France, Santander in Spain, Commerzbank in Germany, among others. This particular version of BankBot was first spotted by security researchers at Avast on October 13th. It was found in ‘Tornado FlashLight’, ‘Lamp For DarkNess’ and ‘Sea FlashLight’ apps, as well as ‘Classic Solitaire’, ‘Spider Solitaire’, XDC Cleaner, and a few other rogue apps.

Avast says it has only been able to identify 132 out of the 160 affected banking apps because the package names are hashed. The company has already uploaded the list on its official blog, where you’ll also find a comprehensive list of the offending apps. Goes without saying, if you have any of those apps on your device, uninstall them immediately to save yourself from becoming an unwitting victim of cyber-crime.