PhishLabs researchers recently came across BankBot Android Banking Trojan samples which have a redesigned Administration Panel and new URL paths in their C2 infrastructure. The actor may be customizing BankBot to his or her liking, or perhaps re-packaging the leaked software for sale under another name. The use of the branded domain, agressivex[.]com, supports the latter. The new panel login screen is displayed below next to a more typical BankBot Maza-in panel.
When most people think about cyber risk, they think primarily of their organization’s servers, PCs, and laptops, and how they might be vulnerable to attack.
But in recent years, the way in which users interact with the outside world has changed. In March this year, for the first time ever, Android overtook Windows to claim the largest share of Internet traffic.
And naturally, where users go, threat actors will surely follow.