Catelites Bot Poses Threat To Android Users By Imitating 2200 Financial Institutions

January 12, 2018

There has been a recent report of financial malware, called the Catelites Bot, that has targeted over 2,200 financial institutions worldwide through fake mobile banking apps on Android devices. Of the institutions on the malware's target list, over 180 are banks, credit unions and brokerage firms based in the United States.

About The Malware

Cybersecurity firms Avast and SfyLabs are seeing roughly one to two fake apps per week installing malware onto Android devices. These apps are either sideloaded, executed via phishing, or downloaded from malicious adware. Once on the device, the icon looks like a shield with a checkmark and is titled “System Application.” If it’s clicked, it will ask for administrator rights, which should never be granted unless you really know what you’re doing. After the “System Application” app is clicked, it places three familiar icons on the home screen: Gmail, Google Play and Chrome, all apps that users know well and tend to trust.

How It Works

How does the app pretend to be a legitimate financial institution? It uses actual logos and simple overlays to trick users. It not only can steal login details and payment card information, but also has the capability to intercept text/SMS messages, set ringer volumes so that you perhaps don’t notice incoming messages, retrieve running tasks from other applications on the device, and even wipe data from it or lock users out completely.

What to Do

Once the apps are on the home screen, they are irremovable. Cybercriminals are counting on people to open them and enter sensitive information such as payment card information and login credentials. The financial institution’s fake overlay will stay on top of the screen until the user enters credentials. But don’t. If anything looks amiss when opening a financial app, close it down immediately. If you suspect malware is on the device, shut it down and reboot into safe mode. Then delete the malicious apps. This process varies depending on the device, so make sure you find instructions for your specific one. If you are unsure how to do this, take it to an authorized support technician for help.

One good habit to adopt is to always keep current backups of your mobile devices. Should malware strike, you can often reset them to factory settings and restore an earlier backup to get rid of the malware. You can usually back them up to a computer or to cloud storage easily and quickly.

To Avoid Catelites

- Download apps only from official app stores. So far, this malware has only been found on third-party sites. It has not been seen in the Google Play Store.
- Make sure that reputable security software is installed on your devices and kept up to date. Many of them will protect you from this particular threat.
- Don’t click links that arrive in email or via text/SMS that you are not expecting or you don’t fully trust.
- Avoid clicking on ads you see on the sides of your browser screens — they could be malicious. If you want to see something the ad is presenting, go to the store’s website directly and search for it there.
- Consider using ad-blocking software on your devices. There are many to choose from, and, as with all apps, do research on them and read reviews before downloading.
- Don’t give administrator access to any app, no matter how nicely it asks. Don’t blindly grant access to other items on your smartphones either. Consider, for example, if a calculator app really needs access to your camera. It doesn’t.

The overlays for this malware are not as sophisticated as those of some other financial malware, but they still pose a significant threat. The malware counts on people’s willingness to enter credentials or payment card information.

As always, exercise caution when downloading apps from unfamiliar sites.

© Copyright 2018 Stickley on Security