Aussie banks targeted by Android GM Bot malware

By

Stay away from third-party app stores.

Australian banking customers are being targeted by Android mobile malware that attempts to gain full control and access to their accounts, security researchers have found.

Aussie banks targeted by Android GM Bot malware

Called GM Bot or Acecard, SlemBunk, Torec and Bankosy, the malware displays an overlay that looks similar to banking apps' login pages on Android devices, security vendor Avast said.

GM Bot is capable of intercepting SMS texts with two-factor challenge and response code for app logins, as it gains full administrative rights when installed.

The malware communicates with a command and control server over the TOR anonymising network, and is difficult to remove if it gains administrative rights.

Around 50 banks worldwide are on GM Bot's hit list, including NAB, the Commonwealth Bank, Westpac, Bank of South Australia, and St George.

The malware also targets payments service Paypal. Security vendor McAfee found a variant of GM Bot that asks users for identity card details, including a scan of the credentials and a selfie of the victims.

GM Bot first showed up on Russian darknet forums in 2014, Avast said. It is distributed on third-party app stores, often disguised as an adult content program or as a video codec.

Avast said its users had encountered GM Bot more than 200,000 times in the last three months.

The source code for the malware has been leaked, allowing anyone to build new versions and deploy GM Bot. Avast said the Trojan's creator, GanjaMan, has developed a second variant. 

Avast warned users to stick to trusted sources for apps, such as Google Play, to avoid infection. Users should also be careful when granting apps administrative rights.

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © iTnews.com.au . All rights reserved.
Tags:

Most Read Articles

Phishing attack nets enormous npm supply chain compromise

Phishing attack nets enormous npm supply chain compromise

VicRoads to phase out passwords in favour of passkeys

VicRoads to phase out passwords in favour of passkeys

Service NSW centralises security, networking in mammoth CloudOps overhaul

Service NSW centralises security, networking in mammoth CloudOps overhaul

Apple adds "mercenary spyware" protection to new A19 chip

Apple adds "mercenary spyware" protection to new A19 chip

Log In

  |  Forgot your password?