Security News > 2024 > August > New Android Trojan "BlankBot" Targets Turkish Users' Financial Data

Cybersecurity researchers have discovered a new Android banking trojan called BlankBot targeting Turkish users with an aim to steal financial information.

Discovered on July 24, 2024, BlankBot is said to be undergoing active development, with the malware abusing Android's accessibility services permissions to obtain full control over the infected devices.

Like the recently resurfaced Mandrake Android trojan, BlankBot implements a session-based package installer to circumvent the restricted settings feature introduced in Android 13 to block sideloaded applications from directly requesting dangerous permissions.

BlankBot is also capable of intercepting SMS messages, uninstalling arbitrary applications, and gathering data such as contact lists and installed apps.

"BlankBot is a new Android banking trojan still under development, as evidenced by the multiple code variants observed in different applications," the cybersecurity company said.

The disclosure comes as Google outlined the various steps it's taking to combat threat actors' use of cell-site simulators like Stingrays to inject SMS messages directly into Android phones, a fraud technique referred to as SMS Blaster fraud.

News URL

https://thehackernews.com/2024/08/new-android-trojan-blankbot-targets.html