Trusted Design

A Look Into The New Strain Of BankBot

概要

BankBot is a family of Trojan malware targeting Android devices that surfaced in the second half of 2016. The main goal of this malware is to steal banking credentials from the victim’s device. It usually impersonates flash player updaters, android system tools, or other legitimate applications. Once installed, it hides itself and then tricks the user into typing his or her credentials into fake bank web pages that have been injected onto the device’s screen. The original code of BankBot was divulged on a Russian forum in late 2016, and you can read more about that here. Over the past few months, new strains of this infamous Android malware family have surfaced in third-party APK markets, as well as in the official Google Play store. FortiGuard Labs decided to analyze some of them, and in this report, I will discuss its evolution over the past 10 months.

Created: 2026-02-23

Indicators

類似Pulses

BankBot Found on Google Play and Targets Ten New UAE Banking Apps (score: 0.88)
Android banking malware masquerades as Flash Player (score: 0.82)
Android banking trojan as Flash Player and bypasses 2FA (score: 0.79)
Trojan-Banker.AndroidOS.Faketoken follow-up (score: 0.78)
Android Trojan GM Bot is evolving and targeting more than 50 banks worldwide (score: 0.78)

このPulseに関連する脅威アクター (事実ベース)

Dragonfly

Score: 7.20

Matched TTPs:

T1156 - Malicious Shell Modification
T1654 - Log Enumeration
T1547.013 - XDG Autostart Entries

MITREへのリンク →

BRONZE BUTLER

Score: 3.06

Matched TTPs:

T1156 - Malicious Shell Modification
T1547.013 - XDG Autostart Entries

MITREへのリンク →

Gamaredon Group

Score: 10.06

Matched TTPs:

T1156 - Malicious Shell Modification
T1684 - Social Engineering
T1061 - Graphical User Interface
T1547.013 - XDG Autostart Entries

MITREへのリンク →

OilRig

Score: 16.90

Matched TTPs:

T1156 - Malicious Shell Modification
T1592.002 - Software
T1556.009 - Conditional Access Policies
T1547.013 - XDG Autostart Entries
T1526 - Cloud Service Discovery
T1547.008 - LSASS Driver

MITREへのリンク →

APT28

Score: 10.64

Matched TTPs:

T1156 - Malicious Shell Modification
T1592.003 - Firmware
T1547.013 - XDG Autostart Entries
T1055.008 - Ptrace System Calls

MITREへのリンク →

Magic Hound

Score: 12.65

Matched TTPs:

T1156 - Malicious Shell Modification
T1016.002 - Wi-Fi Discovery
T1592.003 - Firmware
T1547.013 - XDG Autostart Entries
T1547.008 - LSASS Driver

MITREへのリンク →

MuddyWater

Score: 3.06

Matched TTPs:

T1156 - Malicious Shell Modification
T1547.013 - XDG Autostart Entries

MITREへのリンク →

Winter Vivern

Score: 3.06

Matched TTPs:

T1156 - Malicious Shell Modification
T1547.013 - XDG Autostart Entries

MITREへのリンク →

Silence

Score: 5.52

Matched TTPs:

T1156 - Malicious Shell Modification
T1684 - Social Engineering
T1547.013 - XDG Autostart Entries

MITREへのリンク →

Volt Typhoon

Score: 6.35

Matched TTPs:

T1156 - Malicious Shell Modification
T1491 - Defacement
T1547.013 - XDG Autostart Entries

MITREへのリンク →

APT39

Score: 3.06

Matched TTPs:

T1156 - Malicious Shell Modification
T1547.013 - XDG Autostart Entries

MITREへのリンク →

Kimsuky

Score: 24.59

Matched TTPs:

T1156 - Malicious Shell Modification
T1684 - Social Engineering
T1552.003 - Shell History
T1654 - Log Enumeration
T1001 - Data Obfuscation
T1656 - Impersonation
T1547.013 - XDG Autostart Entries
T1526 - Cloud Service Discovery
T1490 - Inhibit System Recovery

MITREへのリンク →

Dark Caracal

Score: 4.81

Matched TTPs:

T1156 - Malicious Shell Modification
T1547.008 - LSASS Driver

MITREへのリンク →

FIN7

Score: 10.27

Matched TTPs:

T1156 - Malicious Shell Modification
T1011.001 - Exfiltration Over Bluetooth
T1547.013 - XDG Autostart Entries
T1490 - Inhibit System Recovery

MITREへのリンク →

APT38

Score: 14.68

Matched TTPs:

T1684 - Social Engineering
T1491 - Defacement
T1059.005 - Visual Basic
T1547.013 - XDG Autostart Entries
T1216 - System Script Proxy Execution

MITREへのリンク →

APT32

Score: 5.90

Matched TTPs:

T1684 - Social Engineering
T1547.013 - XDG Autostart Entries
T1490 - Inhibit System Recovery

MITREへのリンク →

Wizard Spider

Score: 10.01

Matched TTPs:

T1684 - Social Engineering
T1556.009 - Conditional Access Policies
T1547.013 - XDG Autostart Entries
T1526 - Cloud Service Discovery

MITREへのリンク →

TA2541

Score: 8.85

Matched TTPs:

T1684 - Social Engineering
T1136.002 - Domain Account
T1001 - Data Obfuscation
T1547.013 - XDG Autostart Entries

MITREへのリンク →

Cobalt Group

Score: 3.24

Matched TTPs:

T1684 - Social Engineering
T1547.013 - XDG Autostart Entries

MITREへのリンク →

APT37

Score: 6.86

Matched TTPs:

T1684 - Social Engineering
T1547.013 - XDG Autostart Entries
T1216 - System Script Proxy Execution

MITREへのリンク →

Velvet Ant

Score: 5.12

Matched TTPs:

T1684 - Social Engineering
T1490 - Inhibit System Recovery

MITREへのリンク →

PLATINUM

Score: 7.77

Matched TTPs:

T1684 - Social Engineering
T1547.013 - XDG Autostart Entries
T1686 - Disable or Modify System Firewall

MITREへのリンク →

BlackByte

Score: 6.39

Matched TTPs:

T1684 - Social Engineering
T1001 - Data Obfuscation
T1547.013 - XDG Autostart Entries

MITREへのリンク →

APT41

Score: 3.24

Matched TTPs:

T1684 - Social Engineering
T1547.013 - XDG Autostart Entries

MITREへのリンク →

Turla

Score: 11.98

Matched TTPs:

T1684 - Social Engineering
T1136.002 - Domain Account
T1556.009 - Conditional Access Policies
T1547.013 - XDG Autostart Entries
T1490 - Inhibit System Recovery

MITREへのリンク →

TA505

Score: 6.86

Matched TTPs:

T1016.002 - Wi-Fi Discovery
T1136.002 - Domain Account
T1547.013 - XDG Autostart Entries

MITREへのリンク →

RedCurl

Score: 3.62

Matched TTPs:

T1016.002 - Wi-Fi Discovery

MITREへのリンク →

Sandworm Team

Score: 4.40

Matched TTPs:

T1016.002 - Wi-Fi Discovery
T1547.013 - XDG Autostart Entries

MITREへのリンク →

Medusa Group

Score: 11.05

Matched TTPs:

T1218.003 - CMSTP
T1552.003 - Shell History
T1547.013 - XDG Autostart Entries
T1216 - System Script Proxy Execution

MITREへのリンク →

Threat Group-3390

Score: 11.21

Matched TTPs:

T1218.003 - CMSTP
T1001 - Data Obfuscation
T1547.013 - XDG Autostart Entries
T1526 - Cloud Service Discovery

MITREへのリンク →

Fox Kitten

Score: 11.35

Matched TTPs:

T1491 - Defacement
T1656 - Impersonation
T1547.013 - XDG Autostart Entries
T1588.005 - Exploits

MITREへのリンク →

Scattered Spider

Score: 12.89

Matched TTPs:

T1491 - Defacement
T1136.002 - Domain Account
T1552.003 - Shell History
T1547.013 - XDG Autostart Entries
T1588.005 - Exploits

MITREへのリンク →

Moonstone Sleet

Score: 6.59

Matched TTPs:

T1491 - Defacement
T1547.013 - XDG Autostart Entries
T1547.008 - LSASS Driver

MITREへのリンク →

Chimera

Score: 7.50

Matched TTPs:

T1491 - Defacement
T1592.003 - Firmware
T1547.013 - XDG Autostart Entries

MITREへのリンク →

LuminousMoth

Score: 3.24

Matched TTPs:

T1136.002 - Domain Account
T1547.013 - XDG Autostart Entries

MITREへのリンク →

Ember Bear

Score: 5.90

Matched TTPs:

T1136.002 - Domain Account
T1656 - Impersonation

MITREへのリンク →

LAPSUS$

Score: 9.74

Matched TTPs:

T1136.002 - Domain Account
T1592.003 - Firmware
T1588.005 - Exploits

MITREへのリンク →

Metador

Score: 3.24

Matched TTPs:

T1136.002 - Domain Account
T1547.013 - XDG Autostart Entries

MITREへのリンク →

Aquatic Panda

Score: 3.24

Matched TTPs:

T1136.002 - Domain Account
T1547.013 - XDG Autostart Entries

MITREへのリンク →

LazyScripter

Score: 3.24

Matched TTPs:

T1136.002 - Domain Account
T1547.013 - XDG Autostart Entries

MITREへのリンク →

Andariel

Score: 3.24

Matched TTPs:

T1136.002 - Domain Account
T1547.013 - XDG Autostart Entries

MITREへのリンク →

BackdoorDiplomacy

Score: 3.24

Matched TTPs:

T1136.002 - Domain Account
T1547.013 - XDG Autostart Entries

MITREへのリンク →

INC Ransom

Score: 3.30

Matched TTPs:

T1552.003 - Shell History
T1547.013 - XDG Autostart Entries

MITREへのリンク →

Contagious Interview

Score: 8.49

Matched TTPs:

T1552.003 - Shell History
T1656 - Impersonation
T1547.008 - LSASS Driver

MITREへのリンク →

Cinnamon Tempest

Score: 3.30

Matched TTPs:

T1552.003 - Shell History
T1547.013 - XDG Autostart Entries

MITREへのリンク →

FIN13

Score: 3.30

Matched TTPs:

T1552.003 - Shell History
T1547.013 - XDG Autostart Entries

MITREへのリンク →

Play

Score: 5.97

Matched TTPs:

T1552.003 - Shell History
T1547.013 - XDG Autostart Entries
T1490 - Inhibit System Recovery

MITREへのリンク →

Gorgon Group

Score: 3.93

Matched TTPs:

T1001 - Data Obfuscation
T1547.013 - XDG Autostart Entries

MITREへのリンク →

Patchwork

Score: 3.93

Matched TTPs:

T1001 - Data Obfuscation
T1547.013 - XDG Autostart Entries

MITREへのリンク →

menuPass

Score: 3.93

Matched TTPs:

T1001 - Data Obfuscation
T1547.013 - XDG Autostart Entries

MITREへのリンク →

Leviathan

Score: 4.22

Matched TTPs:

T1592.003 - Firmware
T1547.013 - XDG Autostart Entries

MITREへのリンク →

Lazarus Group

Score: 14.90

Matched TTPs:

T1567.002 - Exfiltration to Cloud Storage
T1547.013 - XDG Autostart Entries
T1055.005 - Thread Local Storage
T1547.008 - LSASS Driver
T1216 - System Script Proxy Execution

MITREへのリンク →

Mustang Panda

Score: 11.91

Matched TTPs:

T1567.002 - Exfiltration to Cloud Storage
T1547.013 - XDG Autostart Entries
T1526 - Cloud Service Discovery
T1055.005 - Thread Local Storage

MITREへのリンク →

Higaisa

Score: 3.84

Matched TTPs:

T1567.002 - Exfiltration to Cloud Storage

MITREへのリンク →

APT17

Score: 3.44

Matched TTPs:

T1656 - Impersonation

MITREへのリンク →

Stealth Falcon

Score: 3.62

Matched TTPs:

T1556.009 - Conditional Access Policies

MITREへのリンク →

Equation

Score: 4.13

Matched TTPs:

T1130 - Install Root Certificate

MITREへのリンク →

Strider

Score: 4.13

Matched TTPs:

T1130 - Install Root Certificate

MITREへのリンク →

HAFNIUM

Score: 7.58

Matched TTPs:

T1547.013 - XDG Autostart Entries
T1055.008 - Ptrace System Calls
T1490 - Inhibit System Recovery

MITREへのリンク →

Tropic Trooper

Score: 3.44

Matched TTPs:

T1547.013 - XDG Autostart Entries
T1490 - Inhibit System Recovery

MITREへのリンク →

APT29

Score: 5.97

Matched TTPs:

T1547.013 - XDG Autostart Entries
T1547.008 - LSASS Driver
T1490 - Inhibit System Recovery

MITREへのリンク →

Storm-1811

Score: 3.30

Matched TTPs:

T1547.013 - XDG Autostart Entries
T1547.008 - LSASS Driver

MITREへのリンク →

FIN8

Score: 3.93

Matched TTPs:

T1547.013 - XDG Autostart Entries
T1526 - Cloud Service Discovery

MITREへのリンク →

Windshift

Score: 3.30

Matched TTPs:

T1547.013 - XDG Autostart Entries
T1547.008 - LSASS Driver

MITREへのリンク →

Ajax Security Team

Score: 3.30

Matched TTPs:

T1547.013 - XDG Autostart Entries
T1547.008 - LSASS Driver

MITREへのリンク →

BlackTech

Score: 3.15

Matched TTPs:

T1526 - Cloud Service Discovery

MITREへのリンク →

このPulseに関連する脅威アクター (推論ベース)

Kimsuky

Score: 0.77

Matched TTPs:

T1156 - Malicious Shell Modification
T1654 - Log Enumeration
T1552.003 - Shell History
T1526 - Cloud Service Discovery
T1490 - Inhibit System Recovery
T1547.013 - XDG Autostart Entries
T1001 - Data Obfuscation
T1684 - Social Engineering
T1656 - Impersonation

MITREへのリンク →

APT38

Score: 0.56

Matched TTPs:

T1059.005 - Visual Basic
T1547.013 - XDG Autostart Entries
T1216 - System Script Proxy Execution
T1684 - Social Engineering
T1491 - Defacement

MITREへのリンク →

OilRig

Score: 0.55

Matched TTPs:

T1156 - Malicious Shell Modification
T1547.008 - LSASS Driver
T1526 - Cloud Service Discovery
T1592.002 - Software
T1547.013 - XDG Autostart Entries
T1556.009 - Conditional Access Policies

MITREへのリンク →

Related CVEs

このPulseに見つかったCVEはありません。

Pulse – 脅威アクターグラフ

← Pulse一覧に戻る