Google Play Store Apps Infected with BankBot Anubis

Beginning in June 2018, IBM X-Force researchers observed at least ten malicious Google Play Store apps. The infected apps span a range of categories, including automotive, financial, and shopping. Once installed, the apps’ downloader fetches the BankBot Anubis banking trojan, which prompts the user for accessibility rights under the guise of a “Google Protect” app. Granting permission allows the perpetrators to perform keylogging, take screenshots, and monitor user actions with the intent to steal user login credentials within banking apps and e-wallets.

Researchers believe this is a well-planned and well-resourced campaign, as the apps bypass anti-virus software and the developers regularly alter the downloader code to evade Google’s security controls. Google has been made aware of the malicious apps.

The NJCCIC recommends reviewing our threat profile on BankBot and our recommendations for securing your Android device. Users are also advised to exercise caution before downloading apps onto their device, even those available in official app stores, and to refrain from granting apps unnecessary permissions.
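Because the trojan depends on the user granting accessibility rights, one practical check is to list which accessibility services are enabled on a device and flag any that are not expected. The following is an added example, not part of the original advisory; the allowlist, the sample setting value and the `com.example.protect` package are constructed assumptions, and `read_from_device` assumes `adb` is installed with a device attached.

```python
import subprocess

# Assumption: packages this organisation expects to hold accessibility rights.
ALLOWED_PACKAGES = {"com.google.android.marvin.talkback"}

# Constructed sample of the secure setting "enabled_accessibility_services":
# a colon-separated list of package/class component names.
SAMPLE = (
    "com.google.android.marvin.talkback/"
    "com.google.android.marvin.talkback.TalkBackService"
    ":com.example.protect/.MonitorService"
)

def parse_services(setting_value):
    """Return (package, class) pairs from the setting value."""
    value = (setting_value or "").strip()
    if value in ("", "null"):          # "null" is printed when nothing is enabled
        return []
    services = []
    for entry in value.split(":"):
        entry = entry.strip()
        if not entry:
            continue
        package, _, cls = entry.partition("/")
        if cls.startswith("."):        # short form is relative to the package
            cls = package + cls
        services.append((package, cls))
    return services

def unexpected_services(setting_value, allowed=ALLOWED_PACKAGES):
    """Services whose package is not allowlisted. The check keys on the
    package name because the label an app displays is chosen by its developer."""
    return [(p, c) for p, c in parse_services(setting_value) if p not in allowed]

def read_from_device():
    """Read the live setting over adb (not called by the sample run below)."""
    cmd = ["adb", "shell", "settings", "get", "secure",
           "enabled_accessibility_services"]
    return subprocess.run(cmd, capture_output=True, text=True, check=True).stdout

if __name__ == "__main__":
    for package, cls in unexpected_services(SAMPLE):
        print(f"review accessibility service: {package} ({cls})")
```

To audit a connected device, pass `read_from_device()` to `unexpected_services` in place of `SAMPLE`.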