Brazilian Banking Trojan BasBanke

The banking trojan “BasBanke” emerged in October 2018, while the Brazilian general election was taking place. Since then, apps containing the malware have been downloaded over 10,000 times. These apps are pushed through Facebook and WhatsApp ads, which redirect the user either to the legitimate Google Play Store or to an alternate site that also hosts the malicious APK packages. The apps pose as secure QR readers, travel agency booking tools, and “see who has visited your profile” tools. In reality, they are loaded with malware that can perform keystroke logging, screen recording, SMS interception, and theft of credit card or financial data. One of the most popular downloads is a faulty version of CleanDroid, which claims to be an antivirus tool for Android users but is actually a banking trojan. Banking applications are heavily targeted, as are Spotify, Netflix, and YouTube. This is a prime example of Google Play Protect being too weak to stop the malware contained within these applications.

Analyst Notes

Users should avoid following outside links that advertise applications available for download on the Google Play Store. Although these links can sometimes be legitimate, it is better to avoid them until a solution is found. App permissions should always be checked before downloading, and users should try to keep their Android devices up to date.