Cyber Advisory: Repackaging GCC banking Apps with Adware & Malware

There is an increasing trend of an old attack vector targeting bank customers through genuine banking Apps. The attack is executed by repackaging a genuine banking App with either Adware or Malware and publishing the repackaged App on different App stores or file sharing forums.

Attack Description:

The attacker modifies the target banking App by adding a piece of code whose objective is to push ads to bank customers while they use the banking App. As a result, the attacker generates "pay per click" advertisement revenue.

Currently we are witnessing a number of such GCC banking Apps with Adware being pushed to customers through different file sharing hosts. In the App samples collected and analyzed by the IT Matrix team, the Apps performed all banking functions normally and we did NOT witness any other malicious code that steals customer credentials or banking information. This DOES NOT RULE OUT the possibility of customer information being compromised in FUTURE attacks.


Continuous monitoring of App stores and File sharing sites for any such Malicious App
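
One way to triage a sample collected during such monitoring, as an added example that is not part of the original advisory or the IT Matrix team's tooling. It assumes the App is distributed as a ZIP-based package (as Android APK and iOS IPA files are) and that the bank holds its genuine release for comparison; the entry names and contents below are constructed.

```python
import hashlib
import io
import zipfile

def entry_digests(package_bytes):
    """Map each archive entry name to the SHA-256 of its uncompressed content."""
    with zipfile.ZipFile(io.BytesIO(package_bytes)) as zf:
        return {info.filename: hashlib.sha256(zf.read(info)).hexdigest()
                for info in zf.infolist() if not info.is_dir()}

def compare_packages(genuine_bytes, suspect_bytes):
    """Report entries added, removed or modified relative to the genuine release."""
    genuine = entry_digests(genuine_bytes)
    suspect = entry_digests(suspect_bytes)
    added = sorted(set(suspect) - set(genuine))
    removed = sorted(set(genuine) - set(suspect))
    modified = sorted(name for name in genuine.keys() & suspect.keys()
                      if genuine[name] != suspect[name])
    return {"added": added, "removed": removed, "modified": modified,
            "repackaged": bool(added or removed or modified)}

def build_package(entries):
    """Build an in-memory ZIP from {name: bytes}; used only for the sample data."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in entries.items():
            zf.writestr(name, data)
    return buf.getvalue()

# Constructed samples: a genuine release and a copy with extra code that has
# been signed again by someone else. Names and contents are illustrative.
GENUINE = build_package({
    "AndroidManifest.xml": b"<manifest package='com.example.bank'/>",
    "classes.dex": b"genuine bank code",
    "META-INF/CERT.RSA": b"bank signing certificate",
})
SUSPECT = build_package({
    "AndroidManifest.xml": b"<manifest package='com.example.bank'/>",
    "classes.dex": b"genuine bank code",
    "classes2.dex": b"added advertising code",
    "META-INF/CERT.RSA": b"unknown signing certificate",
})

if __name__ == "__main__":
    for key, value in compare_packages(GENUINE, SUSPECT).items():
        print(f"{key}: {value}")
```

Any difference from the genuine release, and in particular a changed signing entry, is grounds to treat the sample as repackaged and start the take-down.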

Mitigation Recommendation: 

1- Immediate "Take-Down" of any detected App. It is important to show attackers that the bank's name is a harder target.

2- Raise awareness of the attack among the Bank's E-Banking and Customer Help Desk teams

Ref URL:  
