Mobile users beware: Android banking trojan targets Indian bank apps

An Android Banking Trojan/Malware that targets around 200 apps, including those offered by Indian banks, has been detected, prompting security researchers and banks to alert consumers.

The malware is designed for stealing login credentials, hijacking SMS messages, uploading contact lists and SMS messages to malicious servers by displaying a fake overlay screen on top of legitimate apps to capture user inputs, said software security firm QuickHeal in a post on Saturday.

"Do not download and install applications from untrusted sources offered via unknown website links on unscrupulous messages," said Canara Bank in a note to users. The bank suggested avoiding unknown wi-fi networks to prevent rogue access to devices.

While the malware has been successfully detected, there is no immediate mention any known occurrences of misuse so far.

Android.banker.A2f8a is being distributed through a fake Flash Player app on third-party stores. This is not surprising, said QuickHeal, given that Adobe Flash is one of the most widely distributed products on the internet and because of its popularity, it is often targeted by attackers.

The malicious app shows fake notifications on behalf of the original app and when users click on the fake notifications, they are directed to enter their login credentials into a fake login page.

The malware has targeted banking apps of Axis Bank, HDFC, ICICI, IDBI and Union Bank among others says the blog. The malware has also targeted a number of cryptocurrency apps like Bitcoinium, Bitcoin Wallet, BTC Safari and Bitfinex apart from many others.

A number of international banking and payment apps are also listed like ING Australia Banking, Citibank Australia, Citi Mobil UK, Singapore Digital Banking and PayPal Mobile and Amazon for Tablets.

The malware can intercept messages from incoming and outgoing messages and bypass SMS based two-factor authentication on the victim's bank account. It can suppress the device's ringer volume to prevent the user being alerted about SMSs.

Quick Heal has warned users that there is no official Adobe Flash Player available on the Google Play Store. Adobe had also announced that it will stop updating and distributing Flash player by the end of 2020 in all formats of browser.

Re-disseminated by The Asian Banker from Business Standard

Mobile users beware: Android banking trojan targets Indian bank apps

Diary of Activities
Malaysia Innovation Tour
19 - 22 March 2018 | Malaysia
Digital Finance 2018
22 March 2018 | Malaysia
The Future of Finance, West Africa
16 - 18 April 2018 | Nigeria
Beijing Innovation Tour
21 - 23 May 2018 | China