Last year, a lethal trojan known as ‘Anubis’ made headlines for seeping its way onto Android devices, disguised as innocent downloads in the Play Store. The malware would ask the user for permission to use the device’s accessibility services, then proceed to steal the user’s login credentials for banking apps, payment cards and e-wallets.
What is ‘Anubis’?
‘Anubis’ was planted through a “dropper” capable of bypassing the Google Play Store’s security and hiding the malware under the cover of genuine-looking apps. BianLian was the one responsible, pushing the malware onto numerous Android devices.
Anubis is disguised in very popular, high-demand apps such as device cleaners, rate converters, currency converters, discounter apps and many others. According to ThreatFabric’s report, to ensure “that the malware would stay on the victims’ device as long as possible, the applications were actually working and even had a good rating in the Google Play store.”
ThreatFabric’s researchers report that the name BianLian refers to the ancient Chinese art form in which the artist changes his or her face instantaneously. The researchers also predicted that, while dropping the ‘Anubis’ malware, BianLian was on its way to becoming a full-blown banking trojan itself.
What is BianLian and how does it work?
BianLian has returned to do exactly that. Researchers at Fortinet have reported that a new and improved BianLian comes with new techniques for attacking banking apps. The malware records screen activity and then steals the credentials.
The user’s accounts get blocked, locking users out and hiding the malware’s malicious activities. Users won’t even notice until the malware renders the device useless.
Once BianLian gains permission to use your device’s accessibility services, it immediately starts the attack. A new screenshot module records financial windows as users type in their usernames, passwords, account numbers and card details.
True to its namesake, BianLian is a master of disguise: it hides itself from detection and bypasses the Play Store’s security to target many end users.
Fortinet’s Dario Durando warned users that although BianLian “still seems to be under active development,” the updated functionality “puts it on a par with the other big players in the banking malware space.” Here is the complete list of banking apps that are targeted by BianLian malware.