Australian banking customers are being targeted by Android mobile malware that attempts to gain full control of, and access to, their accounts, security researchers have found.
Known variously as GM Bot, Acecard, SlemBunk, Torec and Bankosy, the malware displays an overlay that looks similar to banking apps’ login pages on Android devices, security vendor Avast said.
GM Bot is capable of intercepting SMS texts with two-factor challenge and response codes for app logins, as it gains full administrative rights when installed.
The malware communicates with a command and control server over the Tor anonymising network, and is difficult to remove if it gains administrative rights.
Around 50 banks worldwide are on GM Bot’s hit list, including NAB, the Commonwealth Bank, Westpac, Bank of South Australia, and St George.
The malware also targets payments service PayPal. Security vendor McAfee found a variant of GM Bot that asks users for identity card details, including a scan of the credentials and a selfie of the victim.
GM Bot first showed up on Russian darknet forums in 2014, Avast said. It is distributed on third-party app stores, often disguised as an adult content program or as a video codec.
Avast said its users had encountered GM Bot more than 200,000 times in the last three months.
The source code for the malware has been leaked, allowing anyone to build new versions and deploy GM Bot. Avast said the Trojan’s creator, GanjaMan, has developed a second variant.
Avast warned users to stick to trusted sources for apps, such as Google Play, to avoid infection. Users should also be careful when granting apps administrative rights.