Apps Infected with Malware on Google Play Store

This week, the Alert Logic ActiveIntelligence team highlights how the InterContinental data breach expanded from 12 to 1,200 hotels and how Google Play Store apps were infected with malware.

Malware

Google Play Store Apps Infected with Malware

132 Android apps on Google Play are infected with BankBot malware, and the most popular of them have more than 10,000 installs alone. The BankBot Android banking Trojan is giving Google engineers headaches, as this particular piece of malware has a knack for avoiding Google's security scans and reaching the official Play Store on a regular basis.

BankBot can steal login credentials for more than just banking applications. Past versions were also able to steal login details for apps such as Facebook, Viber, YouTube, WhatsApp, Uber, Snapchat, WeChat, IMO, Instagram, Twitter, and the Google Play Store. Furthermore, BankBot could lock the user's device in a ransomware-like fashion and intercept SMS messages in order to bypass two-step verification.

References: BankBot Malware Targets Hundreds of Google Play Apps | Tons of Apps on Google Play Store Infected with BankBot Malware | Malware Reaches Play Store as Google Wages War Against BankBot Trojan

Mitigation Strategies:

Breach

InterContinental Data Breach Expands from 12 to 1,200 Hotels

InterContinental Hotels Group (IHG), which includes brands such as Crowne Plaza, Holiday Inn, Candlewood Suites and Kimpton Hotels, has released new information on a data breach, showing that the cyberattacks in late 2016 had far worse consequences than originally believed.

The team discovered that attackers were able to install malware on the servers that the hotels' payment card processing systems relied upon, which in turn slurped up information contained in credit card tracks such as cardholder names, card numbers and internal verification codes. However, IHG has quietly released additional information relating to the breach and it's not pretty.

References: InterContinental Hotels Group Reveals 'How It Minimized Recent Malware Attack' | IHG Reveals Second Credit Card Data Breach Occurred in 2016 | InterContinental Hotel Chain Breach

Mitigation Strategies:

This Week's Suspicious IP Addresses

61.177.172.28 218.65.30.53
116.31.116.46 113.195.145.52
113.195.145.13 200.142.156.60

*IP addresses provided by Recorded Future.