"Doctor Web" warns about the emergence of a dangerous malicious program that attacks the owners of mobile devices based on the operating systems of the Android family.

Android Malware. BankBot. 211. Origin is a banking Trojan that threatens users of dozens of countries around the world. The program is distributed under the guise of innocuous applications, for example, Adobe Flash Player. After entering the victim's device, malware attempts to gain access to Accessibility Service (Accessibility Service). To do this, the Trojan displays a window with a request, which again appears every time it is closed and does not allow working with the device.

Accessibility mode simplifies work with smartphones and tablets based on Android. It is also used to help users with disabilities: this mode allows programs to independently click on various interface elements, such as buttons in dialog boxes and system menus.

In the case of Android. BankBot. 211. Origin special mode is used to perform malicious actions.

So, the Trojan adds itself to the list of device administrators, sets the default message manager and accesses the screen capture functions.

Malicious steals confidential information from customers of financial institutions. So, the Trojan is able to display fake forms of entering a login and password over the launched banking programs, and also display a phishing window of the settings of the payment service with the request for information entry. The malicious program will correlate its actions with the managing server.