Security specialists from IBM X-Force, who previously discovered malicious applications for Android, warned about the appearance of several new samples of the dangerous Trojan BankBot Anubis, also known as Go_P00t. Google Play found at least 10 such applications in which malware is hiding.
According to experts, this time the Trojan propagation campaign is aimed at Turkish users, but with the help of various botnets and configurations, the software can easily be converted to any country, including Russia.
Malicious applications masquerade as online stores, financial clients and even programs for car owners and outwardly do not cause any suspicion. Moreover, neither the built-in check of Google nor VirusTotal finds anything dangerous.
Once installed on an Android device, applications download BankBot Anubis from one of their servers. Trojan requests access to various actions, appearing as the antivirus Google Protect. Then, malware can take screenshots and run fake authorization windows for banking applications.
Despite the fact that the number of downloads of these malicious programs on Google Play is relatively small, the spread of the Trojan is impressive. Only from one server IBM X-Force experts extracted more than a thousand samples of BankBot Anubis, each of which had its signature MD5. On the results of their research, they told Google.