These 12 banking apps are at risk
Last week, Quick Heal detected an Android Trojan stealing banking credentials from customers, following which several banks have issued advisories and warnings to customers about the risks. Banks have sent malware alerts, asking their customers to use mobile banking securely. The malware "Android.banker.A2f8a" (earlier detected as Android.banker.A9480) targets 232 banking/finance apps. These 12 major Indian banking apps are also on the list.
Steals confidential banking information using fake login screens
Android.banker.A2f8a malware is distributed through a fake Flash Player in third-party app stores. Once it finds any of the 232 targeted apps on the device, it sends fake notifications to users, redirects them to a fraudulent login screen (overlaid on top of legitimate apps), and steals banking credentials (ID and password). It can also hijack SMS, send USSD requests, and steal contacts lists.
How to protect your banking details?
Always use Google Play Store for downloading banking/finance apps and not third-party stores. Never click on links sent via SMS/emails (except from banks); they may be from attackers. Install security apps that detect malware. Karur Vysya Bank pointed out that Android (4.1 and above) mobile-browsers have built-in Adobe Flash player. Next, take a look at the targeted apps and what information attackers can steal.
SBI Anywhere Personal app also on attackers' list
The country's biggest lender SBI's official "SBI Anywhere Personal" app is also on the malware's radar. It offers services related to banking, transfers, fixed/recurring deposits, UPI payments, mPassbook, debit card blocking, recharges/bill payments, etc. It can be downloaded only from Google Play Store or by scanning the QR Code on SBI's website. SBI warns users not to use other platforms for downloading it.
Even iMobile by ICICI Bank is at risk
India's largest private bank ICICI Bank's official Android app "iMobile" provides over 150 banking/informational services to customers. Once customers log in, they can avail services like mobile banking, UPI based payments, InstaBanking, bill payments, etc. It's available on Google Play Store. Users can also send "SMS iMobile" to 5676766 or submit their number on ICICI's app information page to receive the download link.
HDFC's official Android app, lighter version targeted
HDFC Bank MobileBanking app offers account-related services, transfers, bill payments, etc. HDFC Bank MobileBanking LITE works without Internet. Users need not login; it works from registered mobile numbers. It may be easier for hackers gain access; they don't require login credentials. Both the apps are available on Google Play Store. Users can give a missed call on 1800-270-3344 for the regular app's download link.
Axis Mobile: Axis Bank's primary mobile banking app
Axis customers need to log in to Axis Mobile app to avail over 60 services/features. It's essential to understand that one can download the app only from Google Play Store or by giving a missed call on 18004190231 or by sending "SMS MBANK" to 5676782. Users can pay bills/recharges, locate ATMs/branches, check offers, and avail services related to bank accounts, credit cards, etc.
Use mobile banking in digitally secure manner: IDBI Bank
IDBI Bank GO Mobile+ (for mobile-banking), Abhay by IDBI Bank Ltd (better control over debit cards), IDBI Bank GO Mobile (mobile-banking), IDBI Bank mPassbook (viewing passbooks) apps are also among the targeted apps. IDBI informed its customers to adopt safe practices, requesting them not to install apps from unknown/untrusted sites. It warned them against using rooted Android and jailbroken iPhone devices for transactions.
Baroda mPassbook on the list, too
Bank of Baroda's "Baroda mPassbook" mobile app offers a mobile version of the physical passbook. Users can view and download updated information about their Bank of Baroda savings, current, credit card, loan, and deposit accounts. The app is currently available only on Google Play Store.
