Quick Heal : Android Malware Targets 232 Banking Apps Including Indian Banks - <b>Technical Lobby</b>

Friday, January 5, 2018

Quick Heal : Android Malware Targets 232 Banking Apps Including Indian Banks

HIGHLIGHTS

  • Malware is known as Android.banker.A9480.
  • Android banking trojan steals login ID, password, SMS, contact lists.
  • Not only banking apps, but cryptocurrency apps affected too.


An Android malware is reportedly targeting over 232 banking apps including a few banks in India. The Trojan malware, named 'Android.banker.A9480', is designed to steal personal data from users, Quick Heal Security Labs reports. Similar to other banking malware, this one also sneaks into login data, SMS, contact lists and uploads them to a malicious server. Additionally, apart from the banking apps, this Trojan also targets cryptocurrency apps present on a user's phone.

Quick Heal lists the Indian banking apps that are targeted by the Android banking Trojan malware:
Axis mobile
HDFC Bank MobileBanking
SBI Anywhere Personal 
HDFC Bank MobileBanking LITE
iMobile by ICICI Bank
IDBI Bank GO Mobile+
Abhay by IDBI Bank Ltd 
IDBI Bank GO Mobile 
IDBI Bank mPassbook 
Baroda mPassbook 
Union Bank Mobile Banking 
Union Bank Commercial Clients. 




Android.banker.A9480 malware gets circulated via a fake Flash Player app on third-party stores, Quick Heal said. The Flash Player app is a popular target for cybercriminals due to its prevalence. Once users download the malicious
Application, they get several prompts to activate administrative rights. The app sends numerous pop-ups to victims until the administrative privileges are activated, the report added.
Once the app is installed on a smartphone, the icon gets hidden when the user taps on it. The malicious app keeps working in the background while checking for one of the 232 banking apps. Further, if the app finds one of the targeted apps, it sends a fake notification that resembles the banking app. When users open the notification, they get a fake login window that is then used by the attackers to extract confidential data like login ID and password.
As per the blog posted by Quick Heal, the malware can process commands like sending and collecting SMS, upload contact list and location, display fake notification, accessibility and GPS permission, and more. Since the malware can intercept incoming and outgoing SMS from an infected smartphone, it is also able to bypass the OTP based two-factor authentication on the user's bank account.
Post a Comment