Newly discovered BasBanke banking trojan found targeting Brazilian users

• Malware authors trick users into downloading the malware by advertising it as Facebook or WhatsApp messages.
• The malware is capable of keystroke logging, screen recording, and SMS interception.

A new Android banking trojan dubbed BasBanke has been discovered targeting Brazilian users. The malware’s capabilities include but is not limited to stealing financial data such as credentials and credit/debit card numbers of users.

What’s the matter - According to Kaspersky Labs researchers, the BasBanke trojan was first observed during the 2018 Brazilian elections. Since then, it has registered over 10,000 installations till April 2019 from the official Google Play Store.

How does it spread - Malware authors trick users into downloading the malware by advertising it through Facebook or WhatsApp messages. Once the victims click on these messages, they are redirected to URLs that are either the official Google Play Store or a website hosting malicious APK packages.

On the Google Play Store, fake versions of a secure QR code and CleanDroid apps are used to disguise the malware. The victims, think these as the legitimate apps and download it, thus unleashing the malicious activities in their Android phones.

“The most widespread malicious application is a fake version of CleanDroid, first announced in a paid advertisement on Facebook, and linking to the application hosted on the Play Store. This “miraculous” application promises to protect the victim’s device against viruses, to optimize memory space, and to save data when using a 3G or 4G connection. In reality it is a banking trojan,” the researchers explained.

What are its capabilities - Apart from stealing financial data, the malware can also perform other nefarious tasks such as keystroke logging, screen recording, and SMS interception.

Although banking applications and websites are the primary targets of BasBanke, there are a couple of other popular websites that are on the target list. This includes Spotify, YouTube, and Netflix.

Experts believe that BasBanke will soon be as a forerunner in the upcoming malicious campaigns.