March 31, 2021

BancaMarStealer

Entry Type
Security Guidance
Threat Type
Malware
Threat Type
Crimeware
Platform(s) Affected
Security Guidance
Malware
Crimeware

How Lookout Detects and Protects Against Banking Trojan and Malware Campaigns

Lookout Security Intelligence teams are continuously discovering and researching new threats to protect and advise our customers. We do this by combining static and dynamic analysis with our machine learning engine. Devices with Lookout installed can detect and be alerted when BancaMarStealer is present. Lookout admins can create policies that block access to corporate resources until the malware is removed from the infected device.

Key Findings

  • This banking trojan can be very effective when combined with social engineering and mobile phishing.
  • As a highly customizable piece of malware, it can be used to target employees or customers of any organization.
  • The total number of samples has grown almost 10 times in three years.

Background and Discovery Timeline

The Lookout Threat Intelligence team discovered BancaMarStealer, a mobile trojan malware family designed to phish the victim’s login credentials for banking and other services. Since initially being announced by Lookout in 2018, the number of observed samples of BancaMarStealer has grown from 7,700 to over 74,000 as of April 2021.

Capabilities and Affected Parties

BancaMarStealer is a mobile-specific banking trojan that serves as a perfect example of malware-as-a-service (MaaS). Out of the box, it can be configured to target specific banks, or any online service, communicate with specific command and control servers, and support a wide range of remote commands. It is delivered to the victim via SMS in a message that prompts the user to download a custom app. This makes it highly effective in social engineering campaigns.

Since it’s a highly customizable piece of malware, BancaMarStealer continuously evolves and has become one of the most robust banking trojans seen to date. In addition to being able to steal login credentials through screen overlays, it also has the following capabilities:

How Lookout Detects and Protects Against Banking Trojan and Malware Campaigns

Lookout Security Intelligence teams are continuously discovering and researching new threats to protect and advise our customers. We do this by combining static and dynamic analysis with our machine learning engine. Devices with Lookout installed can detect and be alerted when BancaMarStealer is present. Lookout admins can create policies that block access to corporate resources until the malware is removed from the infected device.

Colleagues standing in an open meeting area and sharing a humorous moment

Stop Cyberattacks Before They Start With Industry-Leading Threat Intelligence.

Other Related Threats

New

September 15, 2023

Scattered Spider

Scattered Spider, aka UNC3944, was able to successfully target and gain access to the infrastructure of Caesars Entertainment in its latest campaign

September 19, 2023

CVE-2023-4863

September 18, 2023

ASPL 2023-09-01 / CVE-2023-35674