GM Bank Trojan targets Australian banks

Australian banks have been spoofed by a fast-evolving Android Trojan used in a growing number of attack campaigns.

Security company Avast has encountered malware campaigns involving GM Bot spoofing Bank West, ING Direct, National Australia Bank, Commonwealth Bank, Bank of South Australia, St. George Bank and Westpac.

Worldwide, GM Bot is targeting more than 50 banks in at least eight countries, Avast researchers have found. In the past three months, Avast mobile users have encountered GM Bot more than 200,000 times.

The Trojan is designed to trigger the fake overlay when a user opens a banking app to trick victims into surrendering their banking details. It can also intercept SMS to obtain the two-factor authentication PINs needed to gain complete access to bank accounts.

GM Bot’s code has been leaked and made freely available on the darknet, meaning any cybercriminal can use the Trojan in their campaigns. This means that new variants with different capabilities are constantly being created.

It is mainly distributed on third-party app stores, often disguised as an adult content app or a plug-in such as Flash.

Once downloaded the app persistently requests administrative rights, and if it manages to gain full rights it can control anything happening on an infected device.

To protect against the threat of GM Bot, Avast recommends smartphone users install antivirus on their devices, stick to downloading apps from the official Google Play store and be careful in deciding whether to grant apps administrative rights.