Malicious Weather App has been discovered by ESET Malware Research Team in google play store which can spy your Android phone and easily lock / unlock your Phone by break the existing pattern/Password.

This application Primarily having their mobile banking app compromised.Detected by ESET as Trojan.Android/Spy.Banker.HU, the malware was a trojanized version of the otherwise benign weather forecast application Good Weather.

This app published in the store on February 4th 2017.ESET mention in their Blog ,that they discovered in very short time period since the app has uploaded in google play.

The trojan has been targeting 22 Turkish banking apps and has so far been downloaded by about 5,000 victims.

Once downloaded the malware has the ability to lock, unlock and intercept texts from the device, as well as, deliver the local weather. The malware accesses the victim’s banking credentials with its command-and-control server and is able to avoid the bank’s two-factor authentication system because it controls all text functionality.

Trojanized Good Weather app onGoogle Play

How does it works

According to ESET Explained the working Functions as “After the app is installed by an unsuspecting user, its weather-themed icon disappears. The infected device then displays a fake system screen requesting device administrator rights on behalf of fictitious “System update”. By enabling these rights, the victim allows the malware to Change the screen-unlock password and Lock the screen. “

legitimate Good Weather icon, Red – malicious version

ESET explined in Blog Post ,

Together with the permission to intercept text messages obtained during the installation, the trojan is now all set to start its malicious activity.

ESET Researcher’s Said ,The trojan displays a fake login screen once the user runs one of the targeted banking apps and sends entered data to the attacker. Thanks to the permission to intercept the victims’ text messages, the malware is also able to bypass SMS-based two-factor authentication.

As for the device locking, we suspect this function enters the picture when cashing out the compromised bank account, to keep the fraudulent activity hidden from the user. Once locked out, all victims can do is wait until the malware receives a command to unlock the device.

Targeted applications Discovered By ESET



com.garanti.cepsubesi

com.garanti.cepbank

com.pozitron.iscep

com.softtech.isbankasi

com.teb

com.akbank.android.apps.akbank_direkt

com.akbank.softotp

com.akbank.android.apps.akbank_direkt_tablet

com.ykb.androidtablet

com.ykb.android.mobilonay

com.finansbank.mobile.cepsube

finansbank.enpara

com.tmobtech.halkbank

biz.mobinex.android.apps.cep_sifrematik

com.vakifbank.mobile

com.ingbanktr.ingmobil

com.tmob.denizbank

tr.com.sekerbilisim.mbank

com.ziraat.ziraatmobil

com.intertech.mobilemoneytransfer.activity

com.kuveytturk.mobil

com.magiclick.odeabank

Also Read :