Android Banking Trojan targets over 232 banking apps, including Indian banks

Banks are warning customers of the risk of their mobile banking credentials being stolen by malware masquerading as a Flash player sent to them through unwarranted messages or through pop-ups on websites.

According to Quick heal Security Lab report, a new Android malware named Android.banker.A2f8a has been detected which targets banking applications. The Trojan targets over 232 banking apps, which includes a few Indian banks like Axis Mobile, HDFC Bank MobileBanking, and iMobile by ICICI Bank, IDBI bank (Go Mobile and Go Mobile+), IDBI Bank mPassbook, Baroda mPassbook, Union Bank among others.

The fake app asks users for administrative rights just after setup. Even if a user initially denies admin access, the app continues throwing pop-up windows until the user accepts. Once the app gets admin rights, it hides its icon and seeks financial apps. In the background, the Trojan carris out some malicious tasks like hijacking SMSes and contact lists, disclosing location details and, which it uploads to malicious servers, showing fake notification etc. Since the malware can impede incoming and outgoing SMS from an infected phone, it can also bypass the OTP based two-factor authentication on the user’s bank-account.

Consumers with banking apps on their Android devices must note that Android 4.1, Adobe Flash Player has been discontinued. Even in the latest GooglePlay Store, there is no Adobe Flash Player app available.

How to stay safe from this Trojan?

• Do not download apps from third-party app stores or links provided in SMSs or emails.
• Keep device OS and mobile security app up-to-date.
• Always keep 'Unknown Sources' disabled to avoid installation of apps from unknown sources.
• Verify app permissions cautiously before installing it, even from official store like Google Play.
• Install a reliable mobile security app that can detect and block fake and malicious apps before they can infect your device.

Tweet

Share