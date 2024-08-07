KnowTechie Giveaway: Enter to Win a $1,299 VTMON Portable Power Station Enter Now

Cybersecurity experts have recently detected a new and dangerous Android trojan.

Researchers coined the name “BlankBot” for the vulnerability, which is capable of capturing SMS messages, lock patterns or device PINs, and more.

Worse, it could evade most antivirus checks, posing a massive risk to Android devices.

Intel 471, a threat intelligence firm, first detected BlankBot on August 1. This trojan has been actively developing and mostly targets users in Turkey.

As such, Blankbot possesses most of the malicious functionalities, including customer authentication, keylogging, screen recording, etc.

In addition, BlankBot can communicate with its control server via a WebSocket connection, making it harder to detect and remove.

How BlankBot operates

Currently, BlankBot is spreading through several utility apps on Android. The app instructs its users to grant accessibility permissions and then utilizes a blank screen to conceal its activities.

With permissions in hand, BlankBot sends a signal to its control server in the background. It identifies the Android version running on the device.

If it detects Android 13 or later, it uses a session-based package installer to bypass settings by asking for permission to allow third-party apps. This ensures the trojan can be installed and controlled on the device.

Preventing BlankBot breakdowns

There’s still hope, though. If you want to avoid Blankbot, there are a few standard things you can do to promote better security.

Some of the most important measures for safeguarding your Android device include:

Download from official sources: Download and install applications preferably from a reliable source, like the Google Play Store. Avoid side-loading applications, even though some interesting ones are out there. Manage permissions carefully: Be careful what kind of permissions you allow; especially accessibility permissions can give an application full control over the device.

Google’s response

In a statement to Forbes, a Google representative denied the potential vulnerability and stated that no apps on Google Play carry the BlankBot malware.

Be that as it may, the potential of it being out there is very likely, so the main takeaway here is not to download apps from any untreated course and watch out for any app that asks for access to your permissions.

