Malware authors keep evolving and coming up with new techniques that make their creations almost impossible for a normal user to spot. A new banking trojan named BianLian, which was previously used as a dropper for spreading notorious banking malware like Anubis, is affecting Android users all over the world.
Researchers from Fortinet have discovered a new version of BianLian, which is much more than just a dropper. Its creators have repurposed it by pushing continuous updates to make the malware more dangerous.
When a user downloads an app containing BianLian, it seeks permission to control the accessibility services of the Android smartphone. Once the user grants the permission, the modules of the malware can read text messages and make calls, thus gaining control over banking apps.
The latest version of BianLian comes loaded with a new screencast module which records everything that’s displayed on the screen. By recording the screen of a user, the bad actors behind the malware can get access to your usernames, passwords and other banking information required to steal funds from your bank account.
Besides screen recording, what makes this malware a more potent threat is a new obfuscation technique called “randomly generated garbage” that makes it almost impossible for a normal user to spot.
This technique is intended to hide the malicious intent of the malware amongst random code. According to the researchers, the code base of the malware in question is “very messy” and most of the classes in the code don’t have any real function.
According to Dario Durando, who is an Android malware analyst at Fortinet: “BianLian still seems to still be under active development. The added functionalities, even though not completely original, are effective and make this family a potentially dangerous one. Its code base and strategies put it on a par with the other big players in the banking malware space.”
You can read the complete analysis of the malware here.