Lookout Security Intelligence teams are continuously discovering and researching new threats to protect and advise our customers. We do this by combining static and dynamic analysis with our machine learning engine. Devices with Lookout installed can detect and be alerted when BancaMarStealer is present. Lookout admins can create policies that block access to corporate resources until the malware is removed from the infected device.
The Lookout Threat Intelligence team discovered BancaMarStealer, a mobile trojan malware family designed to phish the victim’s login credentials for banking and other services. Since initially being announced by Lookout in 2018, the number of observed samples of BancaMarStealer has grown from 7,700 to over 74,000 as of April 2021.
BancaMarStealer is a mobile-specific banking trojan that serves as a perfect example of malware-as-a-service (MaaS). Out of the box, it can be configured to target specific banks, or any online service, communicate with specific command and control servers, and support a wide range of remote commands. It is delivered to the victim via SMS in a message that prompts the user to download a custom app. This makes it highly effective in social engineering campaigns.
Since it’s a highly customizable piece of malware, BancaMarStealer continuously evolves and has become one of the most robust banking trojans seen to date. In addition to being able to steal login credentials through screen overlays, it also has the following capabilities:
September 15, 2023
Scattered Spider, aka UNC3944, was able to successfully target and gain access to the infrastructure of Caesars Entertainment in its latest campaign
September 19, 2023
September 18, 2023