GM Bank Trojan targets Australian banks


By Dylan Bushell-Embling
Wednesday, 02 November, 2016

GM Bank Trojan targets Australian banks

Australian banks have been spoofed by a fast-evolving Android Trojan used in a growing number of attack campaigns.

Security company Avast has encountered malware campaigns involving GM Bot spoofing Bank West, ING Direct, National Australia Bank, Commonwealth Bank, Bank of South Australia, St. George Bank and Westpac.

Worldwide, GM Bot is targeting more than 50 banks in at least eight countries, Avast researchers have found. In the past three months, Avast mobile users have encountered GM Bot more than 200,000 times.

The Trojan is designed to trigger the fake overlay when a user opens a banking app to trick victims into surrendering their banking details. It can also intercept SMS to obtain the two-factor authentication PINs needed to gain complete access to bank accounts.

GM Bot’s code has been leaked and made freely available on the darknet, meaning any cybercriminal can use the Trojan in their campaigns. This means that new variants with different capabilities are constantly being created.

It is mainly distributed on third-party app stores, often disguised as an adult content app or a plug-in such as Flash.

Once downloaded the app persistently requests administrative rights, and if it manages to gain full rights it can control anything happening on an infected device.

To protect against the threat of GM Bot, Avast recommends smartphone users install antivirus on their devices, stick to downloading apps from the official Google Play store and be careful in deciding whether to grant apps administrative rights.

Related News

GenAI 'grey bots' scraping data from websites

Research from Barracuda has highlighted the issue of morally and legally ambiguous 'grey...

Tanium partners with DXC on endpoint management

Tanium has secured a partnership agreement with DXC that will leverage the company's...

Surge in GenAI data uploads increasing unintentional cyber risk: report

Without proper data security controls, GenAI can turn employees into unintentional...


  • All content Copyright © 2025 Westwick-Farrow Pty Ltd