Analysis of a Polish BankBot
Date of publication: 16/01/2018, Agnieszka Bielec

Analysis of a Polish BankBot
Recently we have observed campaigns of a banking malware for Android system, which targets Polish users. The malware is a variant of the popular BankBot family, but differs from the main BankBot samples. Its victims were infected by installing a malicious application from Google Play Store. We are aware of at least 3 applications that were smuggled to Google Play Store and bypassed its antivirus protection:
- Crypto Monitor
- StorySaver
- Cryptocurrencies Market Prices
The last one is an older version which was uploaded to VirusTotal on 13.10.2017.
According to the ESET’s analysis “Crypto Monitor” and “StorySaver” reached between 1000 and 5000 downloads. In each case, the malware pretended to be a benign, useful application.