
Name: Alienbot
Additional Names: AlienBot Banker, Alien
Type of Malware: Banking Trojan
Location – Country of Origin: Mexico
Date of initial activity: 2018
Motivation: Steal sensitive information such as login credentials, credit card numbers, bank account information
Attack Vectors: Infected apps on the Google Play Store; phishing emails; malware-infected websites; drive-by downloads
Targeted System: Android devices
Overview
AlienBot is a banking Trojan for Android, sold underground as Malware-as-a-Service (MaaS). It supports keylogging, dynamic overlays for credential theft, and SMS harvesting for 2FA bypass. A TeamViewer module provides additional remote control capabilities.
Targets
Financial institutions based mostly in Spain, Turkey, Germany, the US, Italy, France, Poland, Australia, and the UK.
Tools/Techniques Used
Associated tools: open source applications (e.g., BeatPlayer, Cake VPN, Call-Recorder, eVPN, Music Player, Pacific VPN, QRecorder, QR/Barcode Scanner MAX) on the Google Play store.
The AlienBot malware family is a Malware-as-a-Service (MaaS) for Android devices that allows a remote attacker, as a first step, to inject malicious code into legitimate financial applications. The attacker obtains access to victims’ accounts and eventually takes complete control of their device. Once in control, the attacker can operate certain functions as if physically holding the device, such as installing a new application or controlling the device with TeamViewer.
The post Alienbot ( Banking Trojan ) – Malware first appeared on CyberMaterial.


