This banking trojan, named “BasBanke”, emerged during October of 2018, when the Brazilian general election was taking place. Since then, apps containing the malware have been downloaded over 10,000 times. The apps are being pushed through Facebook and WhatsApp ads, which redirect the user either to the legitimate Google Play Store or to an alternate site that also hosts the malicious APK packages. These apps pose as secure QR readers, travel agency booking tools, and “see who has visited your profile” tools. In reality, they are loaded with malware that can perform tasks such as keystroke logging, screen recording, SMS interception, and theft of credit card or financial data. One of the most popular apps being downloaded is a faulty version of CleanDroid, which claims to be an antivirus tool for Android users but is actually a banking trojan. Banking applications are being heavily targeted, as well as Spotify, Netflix, and YouTube. This is a prime example of Google Play Protect being too weak to stop the malware contained within the applications.