Android banking malware whitelists itself to stay connected with attackers

New Android.Fakebank.B variants use social engineering to bypass a battery-saving process and stay active in the background.

Recent variants of Android.Fakebank.B have been updated to work around the battery-saving process Doze. The variants display a pop-up message asking the user to add the threat to the Battery Optimizations exceptions whitelist. If this technique works, then the malware can stay connected to command and control servers even when the device is dormant.

Source: Symantec