A new Android malware is reportedly targeting over 232 banking applications, including a few banks in India. This was discovered by the internet and cybersecurity firm Quick Heal, which identified the Android Banking Trojan imitating banking mobile apps around the world.
It includes major Indian banks apps from SBI, HDFC, ICICI, IDBI, and Axis, among others.
What is the malware?
The Trojan malware, named ‘Android.banker.A9480’, is being used to steal personal data such as login data, messages, contact lists, etc. from users and uploading it to a malicious server.
This malware also targets cryptocurrency apps installed on users’ phones to extract similar sensitive data.
Who has it affected?
According to Quick Heal, the banks affected by the malware include Axis mobile, HDFC Bank Mobile Banking, SBI Anywhere Personal, HDFC Bank Mobile Banking LITE, iMobile by ICICI Bank, IDBI Bank GO Mobile+, Abhay by IDBI Bank Ltd, IDBI Bank GO Mobile, IDBI Bank mPassbook, Baroda mPassbook, Union Bank Mobile Banking, and Union Bank Commercial Clients.
The full list can be found on Quick Heal’s original blog post.
How does the malware work?
The security firm has revealed that the malware is being distributed through a fake Flash Player app on third-party stores.
“This is not surprising given that Adobe Flash is one of the most widely distributed products on the Internet. Because of its popularity and global install base, it is often targeted by attackers,” the firm said in a statement.
Once the malicious app is installed, it will ask the user to activate administrative rights. The app sends continuous pop-ups until the user activates the admin privilege, even if the user denies the request or kills the process. Once activated, the malicious app hides its icon soon after the user taps on it.
They also revealed that if any of the targeted apps are found on the infected device, the app shows a fake notification on behalf of the targeted banking app. If the user clicks on the notification, they are shown a fake login screen to steal the user’s confidential info like net banking login ID and password.
Since the malware is able to intercept incoming and outgoing SMS from an infected smartphone, it can bypass the OTP based two-factor authentication on the user’s bank account and can misuse the access.
How can users protect their data?
It should be noted that Adobe Flash player has been discontinued after Android 4.1 version as the player comes integrated with the mobile browser itself. There is no official Adobe Flash Player available on the Google Play Store. Adobe had also announced that it will stop updating and distributing Flash player by the end of 2020 in all formats of the browser.
To stay safe from this trojan, users should take care to download only verified apps and avoid third-party apps or links provided in SMS or emails. Users should also keep the “Unknown Sources” option disabled in the settings (Settings > Security > Unknown Sources).
Additionally, users are advised to install a trusted mobile security app that can detect and block fake and malicious apps before they can infect their device.
It is also strongly advised to always keep the device OS and mobile security apps up-to-date as per official instructions.