Doctor Web security researchers regularly register cases of Android mobile devices being infected with banking Trojans. To make malicious applications spread faster, virus makers usually masquerade them as benign programs. Android.BankBot.104.origin is not an exception because cybercriminals distribute this malware under the guise of a hack tool for mobile games and as a game cheating program.
This time, attackers focused their attention on those who prefer to play hacked games, which makes a gameplay easier and faster. To successfully distribute the Trojan, virus makers monitor whether the potential victim surfs the Web in order to find cheat codes for the game to simplify its walkthrough (for example, infinite gold, crystals, and so on) or they would like to download a hacked version of the favorite game. Thus, among the search results, the user sees links that lead to various fraudulent websites specially designed to trick naive gamers.
These websites can inform users about more than 1,000 different mobile games—thus, the search engine displays fraudulent links on top of the search results. It is noteworthy that all these resources have valid digital signatures, which makes them seem quite legitimate.
When the user tries to download a game from this site, they are redirected to another scam webpage that is used to spread
Android.BankBot.104.origin under the guise of a hacked game or a game cheating software. In addition to this banking Trojan, the webpage can distribute other threats belonging to the
Android.ZBot family.
