The new Android banking malware ESET recently discovered on Google Play was spotted in the wild again, targeting more banks. Further investigation of this resurfacing threat has uncovered its code was built using source code that was made public a couple of months ago.
The previous version was detected by ESET as Trojan.Android/Spy.Banker.HU (version 1.1 – as marked by its author in the source code) and reported on February 6th. The malware was distributed via Google Play as a trojanized version of a legitimate weather forecast application Good Weather. The trojan targeted 22 Turkish mobile banking apps, attempting to harvest credentials using phony login forms. Moreover, it could lock and unlock infected devices remotely, as well as intercept text messages.