Mobile users beware: Android banking trojan targets Indian bank apps

An Android Banking Trojan/Malware that targets around 200 apps, including those offered by Indian banks, has been detected, prompting security researchers and banks to alert consumers.

The malware is designed for stealing login credentials, hijacking SMS messages, uploading contact lists and SMS messages to malicious servers by displaying a fake overlay screen on top of legitimate apps to capture user inputs, said software security firm QuickHeal in a post on Saturday.

"Do not download and install applications from untrusted sources offered via unknown website links on unscrupulous messages," said Canara Bank in a note to users. The bank suggested avoiding unknown wi-fi networks to prevent rogue access to devices.

While the malware has been successfully detected, there is no immediate mention any known occurrences of misuse so far.

Android.banker.A2f8a is being distributed through a fake Flash Player app on third-party stores. This is not surprising, said QuickHeal, given that Adobe Flash is one of the most widely distributed products on the internet and because of its popularity, it is often targeted by attackers.

The malicious app shows fake notifications on behalf of the original app and when users click on the fake notifications, they are directed to enter their login credentials into a fake login page.

The malware has targeted banking apps of Axis Bank, HDFC, ICICI, IDBI and Union Bank among others says the blog. The malware has also targeted a number of cryptocurrency apps like Bitcoinium, Bitcoin Wallet, BTC Safari and Bitfinex apart from many others.

A number of international banking and payment apps are also listed like ING Australia Banking, Citibank Australia, Citi Mobil UK, Singapore Digital Banking and PayPal Mobile and Amazon for Tablets.

The malware can intercept messages from incoming and outgoing messages and bypass SMS based two-factor authentication on the victim's bank account. It can suppress the device's ringer volume to prevent the user being alerted about SMSs.

Quick Heal has warned users that there is no official Adobe Flash Player available on the Google Play Store. Adobe had also announced that it will stop updating and distributing Flash player by the end of 2020 in all formats of browser.

Re-disseminated by The Asian Banker from Business Standard

Mobile users beware: Android banking trojan targets Indian bank apps

Diary of Activities
The Asian Banker Digital Finance Leadership Programme
23 - 27 July 2018 | United Kingdom
Future of Finance Thailand 2018
02 August 2018 | Thailand
Future of Finance Indonesia 2018
30 August 2018 | Indonesia
Switzerland Wealth Innovation Tour 2018
03 - 07 September 2018 | Switzerland
Future of Finance Philippines 2018
05 October 2018 | Philippines