Android users were the target of new banking malware with screen locking capabilities, which was disguised as a weather forecast app on Google Play – in reality, it was a malicious weather app known as Trojan.Android/Spy.Banker.HU.
The malware was a trojanized version of the otherwise benign weather forecast application Good Weather.
This malicious app managed to get round Google’s security screening mechanisms and appeared in the google-play store on February 4th. It was reported by ESET just two days later and subsequently pulled from the store. During its short availability, the app found its way onto devices of up to 5000 users!
Besides the weather forecast functionalities it adopted from the original legitimate application, the trojan is able to lock and unlock infected devices remotely and intercept text messages. Apart from doing so, the trojan targeted the users of 22 Turkish mobile banking apps, whose credentials were harvested using phony login forms.