Cybersecurity researchers have discovered a new Android banking trojan called BlankBot, which targets Turkish users with the goal of stealing financial information. The malware has various malicious capabilities, including customer injections, keylogging, screen recording, and communicating with a control server over a WebSocket connection.
BlankBot was first discovered on July 24, 2024, and is currently undergoing active development. It abuses Android’s accessibility services permissions to gain full control over infected devices. Some of the malware’s malicious APK files include “app-release.apk”, “app-release-signed(14).apk”, and others.
The malware uses a session-based package installer to bypass restrictions introduced in Android 13, allowing it to request dangerous permissions directly. It also implements screen recording and keylogging, and injects overlays based on commands received from a remote server to harvest bank account credentials, payment data, and unlock patterns.
BlankBot can intercept SMS messages, uninstall arbitrary applications, gather data such as contact lists and installed apps, and use the accessibility services API to prevent users from accessing device settings or launching antivirus apps.
The malware is still under development, with multiple code variants observed in different applications. However, it can perform malicious actions once it infects an Android device.
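A triage check a defender could run over a decoded AndroidManifest.xml (for example, apktool output) to flag the capability combination described above. It is an added example, not code from the article or the researchers' report. The permission-to-behaviour mapping, the scoring threshold and both sample manifests are constructed assumptions, not taken from a BlankBot sample.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
A11Y_BIND = "android.permission.BIND_ACCESSIBILITY_SERVICE"
INSTALL = "session-based package install"

# Assumption: manifest permissions that would back the behaviours the article names.
BEHAVIOUR_PERMS = {
    INSTALL: {"android.permission.REQUEST_INSTALL_PACKAGES"},
    "SMS interception": {"android.permission.RECEIVE_SMS", "android.permission.READ_SMS"},
    "contact list collection": {"android.permission.READ_CONTACTS"},
    "installed-app enumeration": {"android.permission.QUERY_ALL_PACKAGES"},
    "app uninstall": {"android.permission.REQUEST_DELETE_PACKAGES"},
}

def triage_manifest(manifest_xml):
    """Return (findings, suspicious) for a decoded AndroidManifest.xml string."""
    root = ET.fromstring(manifest_xml)
    requested = {el.get(ANDROID_NS + "name") for el in root.iter("uses-permission")}
    findings = [name for name, perms in BEHAVIOUR_PERMS.items() if requested & perms]
    # An accessibility service is declared on <service> via android:permission.
    has_a11y = any(svc.get(ANDROID_NS + "permission") == A11Y_BIND
                   for svc in root.iter("service"))
    if has_a11y:
        findings.insert(0, "accessibility service")
    # Assumed threshold: accessibility + installer + at least one harvesting capability.
    suspicious = has_a11y and INSTALL in findings and len(findings) >= 3
    return findings, suspicious

# Constructed sample manifests (not extracted from any real APK).
SUSPECT = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.constructed.utility">
  <uses-permission android:name="android.permission.REQUEST_INSTALL_PACKAGES"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <application>
    <service android:name=".Helper" android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE"/>
  </application>
</manifest>"""

SCREEN_READER = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.constructed.reader">
  <application>
    <service android:name=".Reader" android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE"/>
  </application>
</manifest>"""

if __name__ == "__main__":
    print(triage_manifest(SUSPECT), triage_manifest(SCREEN_READER))
```

A manifest hit is only a reason to look closer: legitimate accessibility tools and app stores each declare part of this set, which is why the check requires the combination rather than any single permission.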
Source: https://thehackernews.com/2024/08/new-android-trojan-blankbot-targets.html?m=1