Trusted Design

A Look Into The New Strain Of BankBot

概要

BankBot is a family of Trojan malware targeting Android devices that surfaced in the second half of 2016. The main goal of this malware is to steal banking credentials from the victim’s device. It usually impersonates flash player updaters, android system tools, or other legitimate applications. Once installed, it hides itself and then tricks the user into typing his or her credentials into fake bank web pages that have been injected onto the device’s screen. The original code of BankBot was divulged on a Russian forum in late 2016, and you can read more about that here. Over the past few months, new strains of this infamous Android malware family have surfaced in third-party APK markets, as well as in the official Google Play store. FortiGuard Labs decided to analyze some of them, and in this report, I will discuss its evolution over the past 10 months.

Created: 2026-02-23

Indicators

類似Pulses

BankBot Found on Google Play and Targets Ten New UAE Banking Apps (score: 0.88)
Android banking malware masquerades as Flash Player (score: 0.82)
Android banking trojan as Flash Player and bypasses 2FA (score: 0.79)
Trojan-Banker.AndroidOS.Faketoken follow-up (score: 0.78)
Android Trojan GM Bot is evolving and targeting more than 50 banks worldwide (score: 0.78)

このPulseに関連する脅威アクター (事実ベース)

Dragonfly

Score: 7.20

Matched TTPs:

T1113 - Screen Capture
T1564.002 - Hidden Users
T1105 - Ingress Tool Transfer

MITREへのリンク →

BRONZE BUTLER

Score: 3.06

Matched TTPs:

T1113 - Screen Capture
T1105 - Ingress Tool Transfer

MITREへのリンク →

Gamaredon Group

Score: 10.06

Matched TTPs:

T1113 - Screen Capture
T1055 - Process Injection
T1001 - Data Obfuscation
T1105 - Ingress Tool Transfer

MITREへのリンク →

OilRig

Score: 16.90

Matched TTPs:

T1113 - Screen Capture
T1137.004 - Outlook Home Page
T1555.004 - Windows Credential Manager
T1105 - Ingress Tool Transfer
T1588.003 - Code Signing Certificates
T1566.003 - Spearphishing via Service

MITREへのリンク →

APT28

Score: 10.64

Matched TTPs:

T1113 - Screen Capture
T1589.001 - Credentials
T1105 - Ingress Tool Transfer
T1550.001 - Application Access Token

MITREへのリンク →

Magic Hound

Score: 12.65

Matched TTPs:

T1113 - Screen Capture
T1087.003 - Email Account
T1589.001 - Credentials
T1105 - Ingress Tool Transfer
T1566.003 - Spearphishing via Service

MITREへのリンク →

MuddyWater

Score: 3.06

Matched TTPs:

T1113 - Screen Capture
T1105 - Ingress Tool Transfer

MITREへのリンク →

Winter Vivern

Score: 3.06

Matched TTPs:

T1113 - Screen Capture
T1105 - Ingress Tool Transfer

MITREへのリンク →

Silence

Score: 5.52

Matched TTPs:

T1113 - Screen Capture
T1055 - Process Injection
T1105 - Ingress Tool Transfer

MITREへのリンク →

Volt Typhoon

Score: 6.35

Matched TTPs:

T1113 - Screen Capture
T1217 - Browser Information Discovery
T1105 - Ingress Tool Transfer

MITREへのリンク →

APT39

Score: 3.06

Matched TTPs:

T1113 - Screen Capture
T1105 - Ingress Tool Transfer

MITREへのリンク →

Kimsuky

Score: 24.59

Matched TTPs:

T1113 - Screen Capture
T1055 - Process Injection
T1657 - Financial Theft
T1564.002 - Hidden Users
T1055.012 - Process Hollowing
T1585 - Establish Accounts
T1105 - Ingress Tool Transfer
T1588.003 - Code Signing Certificates
T1078.003 - Local Accounts

MITREへのリンク →

Dark Caracal

Score: 4.81

Matched TTPs:

T1113 - Screen Capture
T1566.003 - Spearphishing via Service

MITREへのリンク →

FIN7

Score: 10.27

Matched TTPs:

T1113 - Screen Capture
T1674 - Input Injection
T1105 - Ingress Tool Transfer
T1078.003 - Local Accounts

MITREへのリンク →

APT38

Score: 14.68

Matched TTPs:

T1055 - Process Injection
T1217 - Browser Information Discovery
T1036.006 - Space after Filename
T1105 - Ingress Tool Transfer
T1529 - System Shutdown/Reboot

MITREへのリンク →

APT32

Score: 5.90

Matched TTPs:

T1055 - Process Injection
T1105 - Ingress Tool Transfer
T1078.003 - Local Accounts

MITREへのリンク →

Wizard Spider

Score: 10.01

Matched TTPs:

T1055 - Process Injection
T1555.004 - Windows Credential Manager
T1105 - Ingress Tool Transfer
T1588.003 - Code Signing Certificates

MITREへのリンク →

TA2541

Score: 8.85

Matched TTPs:

T1055 - Process Injection
T1588.001 - Malware
T1055.012 - Process Hollowing
T1105 - Ingress Tool Transfer

MITREへのリンク →

Cobalt Group

Score: 3.24

Matched TTPs:

T1055 - Process Injection
T1105 - Ingress Tool Transfer

MITREへのリンク →

APT37

Score: 6.86

Matched TTPs:

T1055 - Process Injection
T1105 - Ingress Tool Transfer
T1529 - System Shutdown/Reboot

MITREへのリンク →

Velvet Ant

Score: 5.12

Matched TTPs:

T1055 - Process Injection
T1078.003 - Local Accounts

MITREへのリンク →

PLATINUM

Score: 7.77

Matched TTPs:

T1055 - Process Injection
T1105 - Ingress Tool Transfer
T1056.004 - Credential API Hooking

MITREへのリンク →

BlackByte

Score: 6.39

Matched TTPs:

T1055 - Process Injection
T1055.012 - Process Hollowing
T1105 - Ingress Tool Transfer

MITREへのリンク →

APT41

Score: 3.24

Matched TTPs:

T1055 - Process Injection
T1105 - Ingress Tool Transfer

MITREへのリンク →

Turla

Score: 11.98

Matched TTPs:

T1055 - Process Injection
T1588.001 - Malware
T1555.004 - Windows Credential Manager
T1105 - Ingress Tool Transfer
T1078.003 - Local Accounts

MITREへのリンク →

TA505

Score: 6.86

Matched TTPs:

T1087.003 - Email Account
T1588.001 - Malware
T1105 - Ingress Tool Transfer

MITREへのリンク →

RedCurl

Score: 3.62

Matched TTPs:

T1087.003 - Email Account

MITREへのリンク →

Sandworm Team

Score: 4.40

Matched TTPs:

T1087.003 - Email Account
T1105 - Ingress Tool Transfer

MITREへのリンク →

Medusa Group

Score: 11.05

Matched TTPs:

T1608.002 - Upload Tool
T1657 - Financial Theft
T1105 - Ingress Tool Transfer
T1529 - System Shutdown/Reboot

MITREへのリンク →

Threat Group-3390

Score: 11.21

Matched TTPs:

T1608.002 - Upload Tool
T1055.012 - Process Hollowing
T1105 - Ingress Tool Transfer
T1588.003 - Code Signing Certificates

MITREへのリンク →

Fox Kitten

Score: 11.35

Matched TTPs:

T1217 - Browser Information Discovery
T1585 - Establish Accounts
T1105 - Ingress Tool Transfer
T1213.005 - Messaging Applications

MITREへのリンク →

Scattered Spider

Score: 12.89

Matched TTPs:

T1217 - Browser Information Discovery
T1588.001 - Malware
T1657 - Financial Theft
T1105 - Ingress Tool Transfer
T1213.005 - Messaging Applications

MITREへのリンク →

Moonstone Sleet

Score: 6.59

Matched TTPs:

T1217 - Browser Information Discovery
T1105 - Ingress Tool Transfer
T1566.003 - Spearphishing via Service

MITREへのリンク →

Chimera

Score: 7.50

Matched TTPs:

T1217 - Browser Information Discovery
T1589.001 - Credentials
T1105 - Ingress Tool Transfer

MITREへのリンク →

LuminousMoth

Score: 3.24

Matched TTPs:

T1588.001 - Malware
T1105 - Ingress Tool Transfer

MITREへのリンク →

Ember Bear

Score: 5.90

Matched TTPs:

T1588.001 - Malware
T1585 - Establish Accounts

MITREへのリンク →

LAPSUS$

Score: 9.74

Matched TTPs:

T1588.001 - Malware
T1589.001 - Credentials
T1213.005 - Messaging Applications

MITREへのリンク →

Metador

Score: 3.24

Matched TTPs:

T1588.001 - Malware
T1105 - Ingress Tool Transfer

MITREへのリンク →

Aquatic Panda

Score: 3.24

Matched TTPs:

T1588.001 - Malware
T1105 - Ingress Tool Transfer

MITREへのリンク →

LazyScripter

Score: 3.24

Matched TTPs:

T1588.001 - Malware
T1105 - Ingress Tool Transfer

MITREへのリンク →

Andariel

Score: 3.24

Matched TTPs:

T1588.001 - Malware
T1105 - Ingress Tool Transfer

MITREへのリンク →

BackdoorDiplomacy

Score: 3.24

Matched TTPs:

T1588.001 - Malware
T1105 - Ingress Tool Transfer

MITREへのリンク →

INC Ransom

Score: 3.30

Matched TTPs:

T1657 - Financial Theft
T1105 - Ingress Tool Transfer

MITREへのリンク →

Contagious Interview

Score: 8.49

Matched TTPs:

T1657 - Financial Theft
T1585 - Establish Accounts
T1566.003 - Spearphishing via Service

MITREへのリンク →

Cinnamon Tempest

Score: 3.30

Matched TTPs:

T1657 - Financial Theft
T1105 - Ingress Tool Transfer

MITREへのリンク →

FIN13

Score: 3.30

Matched TTPs:

T1657 - Financial Theft
T1105 - Ingress Tool Transfer

MITREへのリンク →

Play

Score: 5.97

Matched TTPs:

T1657 - Financial Theft
T1105 - Ingress Tool Transfer
T1078.003 - Local Accounts

MITREへのリンク →

Gorgon Group

Score: 3.93

Matched TTPs:

T1055.012 - Process Hollowing
T1105 - Ingress Tool Transfer

MITREへのリンク →

Patchwork

Score: 3.93

Matched TTPs:

T1055.012 - Process Hollowing
T1105 - Ingress Tool Transfer

MITREへのリンク →

menuPass

Score: 3.93

Matched TTPs:

T1055.012 - Process Hollowing
T1105 - Ingress Tool Transfer

MITREへのリンク →

Leviathan

Score: 4.22

Matched TTPs:

T1589.001 - Credentials
T1105 - Ingress Tool Transfer

MITREへのリンク →

Lazarus Group

Score: 14.90

Matched TTPs:

T1001.003 - Protocol or Service Impersonation
T1105 - Ingress Tool Transfer
T1027.007 - Dynamic API Resolution
T1566.003 - Spearphishing via Service
T1529 - System Shutdown/Reboot

MITREへのリンク →

Mustang Panda

Score: 11.91

Matched TTPs:

T1001.003 - Protocol or Service Impersonation
T1105 - Ingress Tool Transfer
T1588.003 - Code Signing Certificates
T1027.007 - Dynamic API Resolution

MITREへのリンク →

Higaisa

Score: 3.84

Matched TTPs:

T1001.003 - Protocol or Service Impersonation

MITREへのリンク →

APT17

Score: 3.44

Matched TTPs:

T1585 - Establish Accounts

MITREへのリンク →

Stealth Falcon

Score: 3.62

Matched TTPs:

T1555.004 - Windows Credential Manager

MITREへのリンク →

Equation

Score: 4.13

Matched TTPs:

T1564.005 - Hidden File System

MITREへのリンク →

Strider

Score: 4.13

Matched TTPs:

T1564.005 - Hidden File System

MITREへのリンク →

HAFNIUM

Score: 7.58

Matched TTPs:

T1105 - Ingress Tool Transfer
T1550.001 - Application Access Token
T1078.003 - Local Accounts

MITREへのリンク →

Tropic Trooper

Score: 3.44

Matched TTPs:

T1105 - Ingress Tool Transfer
T1078.003 - Local Accounts

MITREへのリンク →

APT29

Score: 5.97

Matched TTPs:

T1105 - Ingress Tool Transfer
T1566.003 - Spearphishing via Service
T1078.003 - Local Accounts

MITREへのリンク →

Storm-1811

Score: 3.30

Matched TTPs:

T1105 - Ingress Tool Transfer
T1566.003 - Spearphishing via Service

MITREへのリンク →

FIN8

Score: 3.93

Matched TTPs:

T1105 - Ingress Tool Transfer
T1588.003 - Code Signing Certificates

MITREへのリンク →

Windshift

Score: 3.30

Matched TTPs:

T1105 - Ingress Tool Transfer
T1566.003 - Spearphishing via Service

MITREへのリンク →

Ajax Security Team

Score: 3.30

Matched TTPs:

T1105 - Ingress Tool Transfer
T1566.003 - Spearphishing via Service

MITREへのリンク →

BlackTech

Score: 3.15

Matched TTPs:

T1588.003 - Code Signing Certificates

MITREへのリンク →

このPulseに関連する脅威アクター (推論ベース)

Kimsuky

Score: 0.77

Matched TTPs:

T1657 - Financial Theft
T1055.012 - Process Hollowing
T1585 - Establish Accounts
T1055 - Process Injection
T1588.003 - Code Signing Certificates
T1564.002 - Hidden Users
T1105 - Ingress Tool Transfer
T1078.003 - Local Accounts
T1113 - Screen Capture

MITREへのリンク →

APT38

Score: 0.56

Matched TTPs:

T1217 - Browser Information Discovery
T1055 - Process Injection
T1036.006 - Space after Filename
T1105 - Ingress Tool Transfer
T1529 - System Shutdown/Reboot

MITREへのリンク →

OilRig

Score: 0.55

Matched TTPs:

T1588.003 - Code Signing Certificates
T1566.003 - Spearphishing via Service
T1105 - Ingress Tool Transfer
T1555.004 - Windows Credential Manager
T1113 - Screen Capture
T1137.004 - Outlook Home Page

MITREへのリンク →

Related CVEs

このPulseに見つかったCVEはありません。

Pulse – 脅威アクターグラフ

← Pulse一覧に戻る