August 5, 2024 at 01:24AM
Cybersecurity researchers have discovered BlankBot, a new Android banking trojan targeting Turkish users to steal financial information. The malware employs various malicious capabilities, including customer injections, keylogging, and screen recording, and communicates with a control server over a WebSocket connection. It also bypasses security features introduced in Android 13. Google is working on mitigation measures against SMS Blaster fraud.
Key takeaways:
– A new Android banking trojan called BlankBot has been discovered, targeting Turkish users and aiming to steal financial information.
– BlankBot has various malicious capabilities, including customer injections, keylogging, screen recording, and communication with a control server over a WebSocket connection.
– The malware uses accessibility services permissions to gain full control over infected devices and is undergoing active development.
– The names of some of the malicious APK files containing BlankBot have been listed.
– The trojan employs session-based package installation to bypass restricted settings in Android 13.
– It can intercept SMS messages, uninstall arbitrary applications, gather data, and use the accessibility services API to prevent users from accessing settings or launching antivirus apps.
– Google has outlined mitigation measures to combat threat actors’ use of cell-site simulators to inject SMS messages directly into Android phones.
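A defender-side triage check for the two behaviours summarized above (accessibility-service abuse and installation from outside an app store), added here as an example and not taken from the original report. It cross-references the output of `adb shell pm list packages -i` with `adb shell settings get secure enabled_accessibility_services`; the package names, sample output and the trusted-installer allowlist are constructed assumptions.

```python
import re

# Assumption: installers treated as trusted app stores; adjust per fleet.
TRUSTED_INSTALLERS = {"com.android.vending"}

def parse_installers(pm_output):
    """Map package -> installer from `pm list packages -i` output."""
    installers = {}
    for line in pm_output.splitlines():
        m = re.match(r"package:(\S+)\s+installer=(\S+)", line.strip())
        if m:
            installers[m.group(1)] = m.group(2)
    return installers

def parse_accessibility(setting_value):
    """Package names from the colon-separated 'pkg/class' component list."""
    value = setting_value.strip()
    if not value or value == "null":  # `settings get` prints null when unset
        return set()
    return {comp.split("/", 1)[0] for comp in value.split(":") if comp}

def flag_risky(pm_output, a11y_value):
    """Packages with an enabled accessibility service and an untrusted installer.

    This is a review list, not a verdict: preinstalled accessibility tools
    can also report a null installer and need to be allowlisted separately.
    """
    installers = parse_installers(pm_output)
    flagged = []
    for pkg in sorted(parse_accessibility(a11y_value)):
        installer = installers.get(pkg, "unknown")
        if installer not in TRUSTED_INSTALLERS:
            flagged.append((pkg, installer))
    return flagged

# Constructed sample device output (hypothetical package names).
SAMPLE_PM = """package:com.example.bank  installer=com.android.vending
package:com.example.reader  installer=com.android.vending
package:com.example.sideloaded  installer=com.example.dropper
package:com.example.dropper  installer=null
"""
SAMPLE_A11Y = ("com.example.reader/.ReaderService:"
               "com.example.sideloaded/com.example.sideloaded.Svc")

if __name__ == "__main__":
    for pkg, installer in flag_risky(SAMPLE_PM, SAMPLE_A11Y):
        print(f"review: {pkg} (installer={installer}) holds accessibility access")
```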