Skip to content

Export page to PDF

Technical Details


When the user installs this malware, it creates an icon like Google Play.

It contains the following malware APKs in its assets folder:

  • 1.apk
  • 2.apk
  • 3.apk
  • 4.apk
  • 5.apk
  • 6.apk
  • 7.apk
  • 8.apk

Once started, the FakeBank malware copies the said APKs to the SD card.

It then installs the abovementioned APKs. If the phone is rooted, FakeBank silently uninstalls the following by using the same icon and UI:

  • com.kbcard.kbkookmincard
  • com.ibk.spbs
  • com.smg.spbs
1.apk to 8.apk are disguised as com.kbcard.kbkookmincard, com.ibk.spbs, and com.smg.spbs.

com.kbcard.kbkookmincard, com.ibk.spbs, and com.smg.spbs are certain banking applictaions.

When users start the disguised smart banking apps and fill in their account information, the fake Smart Banking apps send private account information , received SMS, and call log to the remote server,http://{BLOCKED}[xxx].aspx.

Analysis By: Peter Yan

Social Media Links

Connect with us on