Yanbian Gang Malware Continues with Wide-Scale Distribution and C2

Fake banking apps laced with malware continue to be an effective tool for threat actors. For the Yanbian Gang, a criminal group centered in Yanbian, China, that targets organizations across Asia, it's a craft they've been improving for over a decade.

The Yanbian Gang has targeted South Korean Android mobile banking customers since 2013 with malicious Android apps purporting to be from major banks, namely Shinhan Savings Bank, Saemaul Geumgo, Shinhan Finance, KB Kookmin Bank, and NH Savings Bank. RiskIQ's threat research team examined some of the threat group's more recent activity in this vector to analyze their malware of choice and the large-scale hosting infrastructure they use to distribute and control it.

Article Link: https://www.riskiq.com/blog/external-threat-management/yanbian-gang-malware-distribution/