VERY IMPORTANT

BankBot is a family of Trojan malware targeting Android devices that surfaced in the second half of 2016. The main goal of this malware is to steal banking credentials from the victim’s device. It usually impersonates flash player updaters, android system tools, or other legitimate applications. Once installed, it hides itself and then tricks the user into typing his or her credentials into fake bank web pages that have been injected onto the device’s screen. The original code of BankBot was divulged on a Russian forum in late 2016, and you can read more about that here. Over the past few months, new strains of this infamous Android malware family have surfaced in third-party APK markets, as well as in the official Google Play store. FortiGuard Labs decided to analyze some of them, and in this report, I will discuss its evolution over the past 10 months.