A newly discovered Android malware is targeting 232 banking apps, including those of several Indian banks. The targeted banking apps include Axis Mobile, HDFC Bank MobileBanking, SBI Anywhere Personal, HDFC Bank MobileBanking Lite, iMobile by ICICI Bank, IDBI Bank GO Mobile+, Abhay by IDBI Bank Ltd, IDBI Bank GO Mobile, Baroda mPassbook, Union Bank Mobile Banking, and Union Bank Commercial Clients.
The new Android banking Trojan, known as “Android.banker.A9480”, was discovered by Quick Heal Security Labs and is claimed to be designed for stealing login credentials, hijacking SMSs, and uploading contact lists and SMSs to a malicious server.
“Android.banker.A9480 is being distributed through a fake Flash Player app on third-party stores. This is not surprising given that Adobe Flash is one of the most widely distributed products on the Internet. Because of its popularity and global install base, it is often targeted by attackers,” Quick Heal explains in a blog post.
The new Android malware disguises itself as Flash Player. After being installed, the malicious app asks the user to activate administrative rights. If the user denies the request or kills the process, the app keeps throwing pop-ups until the user activates the admin privilege. Once this is done, the malicious app hides its icon soon after the user taps on it.
After getting admin rights, the malicious app works in the background, continually checking the apps installed on the victim’s device and looking in particular for 232 apps, which include banking and some cryptocurrency apps.
“If any one of the targeted apps is found on the infected device, the app shows a fake notification on behalf of the targeted banking app. If the user clicks on the notification, they are shown a fake login screen to steal the user’s confidential info like net banking login ID and password,” explains Quick Heal.
The report further adds that the malware can intercept all incoming and outgoing SMSs on the infected device. This enables attackers to bypass SMS-based two-factor authentication (OTP) on the victim’s bank account.
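As an added example (not from Quick Heal's report or this article), the following Python checks an app inventory, such as one exported from a device-management tool, against the traits described above: a Flash Player label, installation from outside Google Play, device administrator rights, a hidden icon, and SMS or contacts access. The inventory field names, the threshold and the sample package names are assumptions constructed for illustration.

```python
PLAY_STORE = "com.android.vending"  # Google Play installer package
SMS_PERMS = {"android.permission.RECEIVE_SMS", "android.permission.READ_SMS",
             "android.permission.SEND_SMS"}
CONTACTS_PERM = "android.permission.READ_CONTACTS"


def triage(app):
    """Return the traits from the article that this inventory record matches."""
    perms = set(app.get("permissions", []))
    reasons = []
    if "flash player" in app.get("label", "").lower():
        reasons.append("claims to be Flash Player")
    if app.get("installer") != PLAY_STORE:
        reasons.append("installed from outside Google Play")
    if app.get("device_admin"):
        reasons.append("holds device administrator rights")
    if not app.get("launcher_icon", True):
        reasons.append("launcher icon hidden")
    if perms & SMS_PERMS:
        reasons.append("can read or send SMS (OTP exposure)")
    if CONTACTS_PERM in perms:
        reasons.append("can read contacts")
    return reasons


def suspicious(inventory, threshold=4):
    """Apps matching at least `threshold` traits, most matches first."""
    hits = [(app["package"], triage(app)) for app in inventory]
    hits = [(pkg, why) for pkg, why in hits if len(why) >= threshold]
    return sorted(hits, key=lambda hit: len(hit[1]), reverse=True)


# Constructed sample inventory; package names are placeholders, not real IoCs.
SAMPLE = [
    {"package": "example.fake.flashplayer", "label": "Flash Player",
     "installer": None, "device_admin": True, "launcher_icon": False,
     "permissions": sorted(SMS_PERMS | {CONTACTS_PERM})},
    {"package": "example.bank.app", "label": "Example Bank",
     "installer": PLAY_STORE, "device_admin": False, "launcher_icon": True,
     "permissions": ["android.permission.INTERNET"]},
    {"package": "example.sms.client", "label": "Messages",
     "installer": PLAY_STORE, "device_admin": False, "launcher_icon": True,
     "permissions": sorted(SMS_PERMS | {CONTACTS_PERM})},
]

if __name__ == "__main__":
    for package, reasons in suspicious(SAMPLE):
        print(package, "->", "; ".join(reasons))
```

A legitimate SMS client matches only the SMS and contacts traits, so it stays below the threshold; it is the combination with sideloading, device admin rights and a hidden icon that stands out.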
Quick Heal claims that apart from banking apps, the Android.banker.A9480 malware also targets cryptocurrency apps. We recommend that our readers stay safe from Android banking Trojans by not downloading apps from third-party app stores or from links provided in SMSs or emails. Users should also always keep the ‘Unknown Sources’ setting disabled, since enabling this option allows installation of apps from unknown sources.