Android users who recently downloaded the Good Weather app received quite a bit more than just a weather forecast, chiefly a compromised mobile banking app.
To accomplish this, cybercriminals weaponized the Android weather app Good Weather, turning it into a trojan capable of delivering the banking malware Trojan.Android/Spy.Banker.HU, according to an ESET blog. What makes this attack particularly dangerous and effective is that the malicious actors used a legitimate app found in the Google Play store, where ESET spotted it on February 4.
The trojan has been targeting 22 Turkish banking apps and has so far been downloaded by about 5,000 victims.
Once downloaded, the malware has the ability to lock, unlock and intercept texts from the device, as well as deliver the local weather. The malware accesses the victim's banking credentials with its command-and-control server and is able to avoid the bank's two-factor authentication system because it controls all text functionality.