Newly discovered BasBanke banking trojan found targeting Brazilian users

Not all Messages claims to be from Facebook or WhatsApp are safe, as recently malware authors trick users into downloading malware in the pretext of social messages.

If downloaded, this malware can potentially perform keystroke logging, screen recordings and can also intercept SMS. The new in the line is BasBanke, a trojan that targets Brazilian users, and it steals financial data from the users. It is also believed that it can do more malicious acts than that.

Kaspersky Labs researchers state that the BasBanke trojan was first observed during the 2018 Brazilian elections. after which it has registered over 10,000 installations till April 2019 from the official Google Play Store.

As they come in the form of a Facebook or WhatsApp message, when clicked, they are redirected to URLs that are either the official Google Play Store or a website hosting malicious APK packages.

On the Google Play Store, fake versions of a secure QR code and CleanDroid apps are used to disguise the malware. The victims, think these as the legitimate apps and download it, thus unleashing the malicious activities in their Android phones.

The Kaspersky researchers further explain that “The most widespread malicious application is a fake version of CleanDroid, first announced in a paid advertisement on Facebook, and link to the application hosted on the

Play Store. This “miraculous” application promises to protect the victim’s device against viruses, to optimize memory space, and to save data when using a 3G or 4G connection. In reality, it is a banking trojan.” Initially, the attacks are targeted at the banking sector but there are also some other popular websites such as are there in their radar.

Although banking applications and websites are the primary targets of BasBanke, there are a couple of other popular websites such as Spotify, YouTube, and Netflix in its radar.