Banking trojan-slingers slip past Google Play's malware defences

Security researchers have uncovered an Android banking malware hiding on Google Play using stealthy new tactics. A game called "Bubble Shooter Wild Life" and an app named "Earn Real Money Gift Cards" in the Google Play Store are actually designed to drop banking malware named BankBot. "The malware only becomes active when the …

  1. Solarflare

    El Reg asked Google to comment on the incident, in particular the suggestion that crooks had figured out a way to smuggle malicious code past its security controls, but have not yet received a response.

    The play store has security controls beyond "remove it if someone says it's infected"?

  2. malle-herbert Silver badge
    Facepalm

    Why ?

    Would ANYONE be stupid enough to do online-banking on a portable unsecured device with an unpatched OS without a virus-scanner or firewall ?

    Most people are happy to log in to their banking-website from their mobile phone while using an ancient version of Android or iOS and most banks don't seem to give a f*ck !

    And when people actually DO lose money the banks are more than happy to point this out so they don't have to refund the money...

    1. Anonymous Coward

      Re: Why ?

      As opposed to the app? Yes, that sounds a bad idea. But the apps generally should work ok.

    2. ma1010 Silver badge

      Re: Why ?

      Well, for one thing, mobile deposits. It's nice to be able to deposit a check without physically going to the bank, and there's no way for me to do that on a PC with my bank - only the mobile app does that.

      That's about all I ever do with it, but it also can show me my balance or help me find a nearby branch, etc. when I'm not home. I do all my bill paying on my (Linux) PC, but mobile is sometimes an advantage.

      As for unpatched OS, whose fault is that? It's all about planned obsolescence, and most manufacturers (I'm looking at YOU, HTC) don't patch anything past 1 year. Google surprised me by supporting their hardware for a whole 2 years. Never happen, but there should be a law that they have to issue patches for everything for at least 10 years, IMHO.

      1. Anonymous Coward

        Re: Why ?

        Mobile check deposits sound like the most security risky method of using such an app.

    3. Aodhhan Bronze badge

      Re: Why ?

      Are you new to information security or do you just like to judge people?

      No matter how much you build something and make it idiot proof; someone finds a way to build a stronger idiot. Welcome to InfoSec.

  3. Anonymous Coward

    App runs fine

    If you deny the permissions, so there is your answer: just deny the runtime permissions if you want to play bust a move

    I'm pretty tired of the android malware clickbait hidden agenda, it's rather tiresome. With over 2 billion active android devices, more than Windows PCs, real world infections are pretty much unheard of, yet the noise from security "experts" is totally disproportionate.

    @malle-herbert. I would trust an android device far more than I would trust a PC or MAC... By comparison they are both malware magnets

  4. oneeye

    The Noise from Security Experts, Helps get Things Patched!

    Anyone who thinks they are safe because the security community is making too much about vulnerabilities, is just plain foolish. Anyone who wants to harden their device, or software like browsers, is a practical person. They appreciate the hard work of infosec researchers. So, even if a device is a bit older, they can be proactive about securing those devices. It's not all doom, but many articles on how to stay safer too. Noise? I think NOT !


Biting the hand that feeds IT © 1998–2019