Internet security firm Quick Heal Security Labs says it has identified a new Android malware that can masquerade 232 banking apps including some Indian ones.
The malware, known as Android.banker. A2f8a corrupts banking apps to procure private details including login ID, password, SMS which contain OTPs and contact lists. The contact lists and messages can be uploaded on a malicious server, display an overlay screen (to capture details) on top of legitimate apps and execute other such malicious activities, Quick Heal wrote in a blog post.
The Android Banking Trojan was found as a part of a fake Flash Player app present on third-party stores. This fake app asks users for administrative rights just after setup. Even if a user initially denies admin access, the app continues throwing pop-up windows until the user accepts. Once the app gets admin rights, it hides its icon and seeks financial apps to steal data.
“Android.banker.A2f8a is being distributed through a fake Flash Player app on third-party stores,” Bajrang Mane, who leads the threat analysis, incident response, and automation teams in Quick Heal Security Labs, wrote in the post.
Mane said that Flash’s popularity makes it a common target for hackers.
If it accesses any of these apps from a user’s smartphone, it generates a fake notification sent on behalf of the banking app. Once the notification is accessed, the malware creates a fake login screen, which allows the trojan to steal confidential information like login ID and password for the banking app.
In India, Quick Heal identified the list of banks whose apps which are being targeted by Android.banker.A2f8a. This includes mobile banking apps of Axis Bank, HDFC Bank (regular and LITE versions), SBI Anywhere Personal, iMobile by ICICI Bank, IDBI Bank (Abhay, Go Mobile and Go Mobile+), Union Bank Mobile Banking and Union Bank Commercial Clients. The list also included mobile passbook apps such as IDBI Bank mPassbook and Baroda mPassbook.
Not only banking apps, but cryptocurrency apps, present on a user’s phone, have been affected too by this Trojan.
Users who have any of these apps on their phones are advised to install Avast free antivirus app to safeguard themselves from such malware.