
Android.Fakebank.B malware variants trick users through social engineering

30 Nov 2016

Symantec is warning Android users to watch out for banking malware that gets itself whitelisted so that it can stay active and monitored by attackers.

The latest variants of the Android.Fakebank.B malware have used social engineering to bypass the battery-saving functions and constantly stay active in the background of Android devices, the company says.

The malware does this by displaying a popup that asks users to add the malware to the battery optimisations exceptions whitelist. If accepted, the malware stays connected to command and control servers at all times.

The malware can also bypass Doze, the power-saving feature in Android Marshmallow (6.0). Doze can initially conserve battery by restricting apps' network and CPU access, and Symantec says Doze is a 'hurdle' for banking malware that attempts to connect to command and control servers.

Figure 1: Code responsible for triggering Battery Optimisations exceptions whitelist pop-up

Symantec says that Marshmallow classes permissions as normal, dangerous and above dangerous. Those classed as normal are automatically approved and can't be disabled.

The malware uses REQUEST_IGNORE_BATTERY_OPTIMIZATIONS, a permission that is classified as normal. As a result, a popup appears that can trick users into allowing the malware to bypass Doze restrictions.

Figure 2: Malware prompt claims that the app is called “Chrome” and requests whitelisting
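
For defenders, the two signals described above can be checked before an app is ever installed. The following Python example is added here for illustration and is not Symantec's code or part of the original report; it assumes the APK's AndroidManifest.xml has already been decoded to text XML, and the sample manifests, package names and the `KNOWN_LABELS` table are constructed for the example.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
DOZE_PERM = "android.permission.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS"
# Assumption: well-known labels to watch, mapped to the package that owns them.
KNOWN_LABELS = {"chrome": "com.android.chrome"}

def audit_manifest(xml_text):
    """Return triage findings for one decoded AndroidManifest.xml."""
    root = ET.fromstring(xml_text)
    package = root.get("package", "")
    findings = []
    # Normal permissions are granted at install with no prompt, so the
    # manifest is the place to see the request. API 23+ manifests may also
    # declare permissions with <uses-permission-sdk-23>.
    perms = set()
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        perms |= {e.get(ANDROID_NS + "name") for e in root.iter(tag)}
    if DOZE_PERM in perms:
        findings.append("requests-doze-exemption")
    app = root.find("application")
    label = (app.get(ANDROID_NS + "label") or "") if app is not None else ""
    if label.startswith("@"):
        findings.append("label-unresolved")  # resource reference, resolve separately
    else:
        owner = KNOWN_LABELS.get(label.strip().lower())
        if owner and owner != package:
            findings.append("label-impersonation")
    return findings

# Constructed sample manifests (package names are made up for this example).
HEAD = '<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="%s">'
SUSPECT = (HEAD % "com.example.updater") + """
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS"/>
  <application android:label="Chrome"/>
</manifest>"""
GENUINE = (HEAD % "com.android.chrome") + """
  <uses-permission android:name="android.permission.INTERNET"/>
  <application android:label="Chrome"/>
</manifest>"""

if __name__ == "__main__":
    for name, doc in (("suspect", SUSPECT), ("genuine", GENUINE)):
        print(name, audit_manifest(doc))
```

Legitimate apps also request this permission, so a finding here is a prompt for closer review rather than a verdict.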

Symantec recommends that users:

  • Keep mobile device software up to date
  • Only install apps from trusted sources
  • Do not download apps from unfamiliar sites
  • Scrutinise what permissions the apps want and why
  • Use mobile security apps to protect data and devices
  • Make regular backups of important data