This Android malware has affected almost all Indian banking apps!
In India, banking apps are increasingly being used for carrying out Internet-enabled transactions conveniently. Almost every bank has a mobile app. But it looks like net banking isn't really safe in an era of increasing cybercrime. Security software company QuickHeal discovered a new Android banking malware, "Android.banker.A9480", that's targeting 232 banking apps to steal users' login credentials. See if yours is on the list!
Which banking apps have been affected?
"Android.banker.A9480" malware has targeted several major banking apps, including SBI Anywhere Personal, Axis Mobile, iMobile by ICICI Bank, HDFC Bank MobileBanking, HDFC Bank MobileBanking LITE, IDBI Bank GO Mobile+, Abhay by IDBI Bank Ltd, IDBI Bank GO Mobile, IDBI Bank mPassbook, Baroda mPassbook, Union Bank Mobile Banking, and Union Bank Commercial Clients. Over 20 cryptocurrency apps, including Bitcoinium, CoinPayments, and Bitfinex, were affected.
Keeps checking for 232 apps on devices
QuickHeal said the malware disguises itself as Flash Player. After installation, it requests administrative privileges. Even if the user kills the process and denies its request, the malware will keep popping up, asking for admin rights. Once the permission is given, its icon is hidden and it starts carrying out malicious activities in the background. It keeps looking for 232 apps, including banking ones.
What exactly does the malware do?
Once the malicious app finds any of the targeted 232 apps on the victim's device, it sends fake notifications that appear to be coming from the targeted banking/financial apps. When the notification is clicked, a fake page (on top of the original app) tricks the user into logging in, ultimately stealing their credentials. It also hijacks SMSes and contact lists and sends them to a malicious server.
Carries out malicious activities without user's knowledge: Quick Heal
QuickHeal's Bajrang Mane stated: "Like most other Android banking malware, even this one is designed for stealing login credentials, hijacking SMSs, uploading contact lists and SMS on a malicious server, displaying an overlay screen (to capture details) on top of legitimate apps."
Malware can also suppress notifications on the device
QuickHeal said the banking malware intercepts all incoming/outgoing SMSes from the victim device; this allows the cybercriminals to bypass the SMS-based two-factor authentication (OTP) for banking apps. It added that the malware could, in fact, send SMSes "with a dynamically received text and number from the server's side." To suppress SMS notifications received in this process, it can also "silent" the ringer volume.
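A defender-side triage check for the behaviours described above, added here as an example and not QuickHeal's code or detection logic: it reads a decoded AndroidManifest.xml and reports which of those behaviours the app declares the means for. The mapping of behaviours to standard Android permissions, the function names and both sample manifests are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"
# Assumed mapping: behaviour named in the article -> standard Android permissions.
BEHAVIOUR_PERMS = {
    "sms_intercept": {"android.permission.RECEIVE_SMS", "android.permission.READ_SMS"},
    "sms_send": {"android.permission.SEND_SMS"},
    "contacts_upload": {"android.permission.READ_CONTACTS"},
    "overlay": {"android.permission.SYSTEM_ALERT_WINDOW"},
}

def triage_manifest(xml_text):
    """Return the sorted list of indicators declared in a decoded manifest."""
    root = ET.fromstring(xml_text)
    perms = {e.get(ANDROID + "name") for e in root.iter("uses-permission")}
    findings = [name for name, wanted in BEHAVIOUR_PERMS.items() if perms & wanted]
    app = root.find("application")
    if app is not None:
        # Only literal labels are checked; "@string/..." needs resource lookup.
        if "flash player" in (app.get(ANDROID + "label") or "").lower():
            findings.append("flash_player_label")
        # A device admin receiver is protected by BIND_DEVICE_ADMIN.
        if any(r.get(ANDROID + "permission") == "android.permission.BIND_DEVICE_ADMIN"
               for r in app.iter("receiver")):
            findings.append("device_admin_request")
    return sorted(findings)

def is_suspicious(findings):
    """Flag the combination the article describes: admin rights plus SMS interception."""
    return "device_admin_request" in findings and "sms_intercept" in findings

NS = 'xmlns:android="http://schemas.android.com/apk/res/android"'
# Constructed sample: app posing as Flash Player with admin receiver and SMS access.
SAMPLE_SUSPICIOUS = f"""<manifest {NS} package="com.example.constructed">
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <application android:label="Flash Player">
    <receiver android:name=".Admin" android:permission="android.permission.BIND_DEVICE_ADMIN"/>
  </application>
</manifest>"""
# Constructed sample: ordinary app that only reads contacts.
SAMPLE_BENIGN = f"""<manifest {NS} package="com.example.notes">
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <application android:label="Notes"/>
</manifest>"""

if __name__ == "__main__":
    for name, xml_text in (("suspicious", SAMPLE_SUSPICIOUS), ("benign", SAMPLE_BENIGN)):
        found = triage_manifest(xml_text)
        print(name, found, "FLAG" if is_suspicious(found) else "ok")
```

A match is a reason to inspect the app further, not a verdict: legitimate device-management and messaging apps can declare some of the same permissions.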
How is the malware being circulated?
The malware is being distributed by a fake Flash Player available on third-party app stores, said QuickHeal. Bajrang Mane stated: "This is not surprising given that Adobe Flash is one of the most widely distributed products. Because of its popularity...it is often targeted by attackers."
How to protect your banking details from malware?
QuickHeal has given some suggestions to users for protecting themselves from this Android banking malware. It has recommended that users avoid downloading apps through links sent via SMS and from third-party app stores to keep their banking details safe. In addition, they can install reliable mobile security software for detecting and blocking malware. Also, the OS and banking app versions must always be up to date.