Severity
High
Analysis Summary
A newly discovered family of Android banking trojans has been named Android.BankBot.Coper. The malicious applications have a modular design and a multi-stage infection mechanism. They also employ several protective techniques that help them survive removal attempts, which allows the trojans to stay active longer and carry out more successful attacks. To date, all known Coper banking trojan variants target Colombian users, but new variants aimed at users in other countries are likely to emerge over time.
All Android.BankBot.Coper samples found and analyzed by malware researchers were distributed as the official application of the Bancolombia financial institution, called Bancolombia Personas. To make them appear more legitimate, the icon of these fake apps was designed to mimic the look of the genuine software from the targeted bank.
Impact
- Data Exfiltration
- Information Theft
Indicators of Compromise
Remediation
- Block all threat indicators at your respective controls.
- Search for indicators of compromise (IOCs) in your environment utilizing your respective security controls.
- Ensure that all operating systems, software, and applications are regularly updated with the latest security patches.
- Conduct regular security awareness training for users to recognize and avoid phishing emails.
- Enable antivirus and anti-malware software and update signature definitions promptly. Using multi-layered protection is necessary to secure vulnerable assets.
- Along with network and system hardening, code hardening should be implemented within the organization so that its websites and software are secure. Use testing tools to detect any vulnerabilities in the deployed code.
- Implement network segmentation to limit lateral movement within the network.
- Implement continuous monitoring of network traffic and endpoint activities to detect any unusual or suspicious behavior.
- Develop and regularly test an incident response plan to ensure a swift and effective response in case of a security incident.
- Implement SIEM solutions to centralize log collection and analysis. This can help in identifying patterns of suspicious behavior and provide timely alerts for potential security incidents.
- Regularly back up critical data and ensure that the backup copies are stored securely.