Botconf 2017 has ended
Wednesday, December 6 • 17:15 - 18:05
The New Era of Android Banking Botnets

In the past, mobile malware targeted victims only to harvest SMS messages, which are often used as a 2FA (two-factor authentication) mechanism or as an OTP (one-time password). Since late 2015, we have seen attacks that target the entire bank app with an overlay type of attack, which started a new era in Android banking botnets. This is what we will be detailing and discussing in this presentation.
First, we will quickly introduce the audience to past Android malware families whose goal was SMS harvesting. Perkele, Zitmo and iBanking are some examples of those families.
Then, we will focus on modern Android malware evolution in terms of obfuscation, anti-analysis, C&C communication and infection mechanisms. We will also provide insights into some of those modern Android malware botnets including some not yet known to the public. The Android malware families we will be discussing are: Slempo (also known as GMBot and SlemBunk), MazarBot, Catelites, Shifu, Marcher and BankBot (also known as Maza-in).

Speakers

Pedro Drimel Neto

Threat Analyst, Fox-IT InTELL
Pedro Drimel Neto is a Threat Analyst at Fox-IT InTELL where he focuses on analysis of malware focused on cybercrime. In the past, he worked as a Malware Analyst at BlackBerry and Security Researcher at Qualys, Brazilian Government Research Center and zImperium.


Wednesday December 6, 2017 17:15 - 18:05
Corum Allée du Saint-Esprit, 34000 Montpellier, France