by Rene Millman
January 05, 2018
Security researchers have found a new strain of malware targeting banking apps on Android devices.
Researchers at Quick Heal Security Labs said that the malware, called Android.banker.A2f8a, has targeted more than 232 banking apps, stealing login credentials, hijacking SMS messages, and uploading contact lists and SMS messages to a malicious server. It also displays an overlay screen (to capture details) on top of legitimate apps.
The malware is being distributed through a fake Flash Player app on third-party stores. Bajrang Mane, a researcher at Quick Heal Security Labs, said that this is not surprising given that Adobe Flash is one of the most widely distributed products on the Internet.
He added that, once installed, the malicious app will ask the user to activate administrative rights. Even if the user denies the request or kills the process, the app will keep throwing continuous pop-ups until the user activates the admin privilege. “Once this is done, the malicious app hides its icon soon after the user taps on it,” said Mane.
He said that the app carries out malicious tasks: it keeps checking the installed apps on the victim’s device and looks in particular for 232 apps.
“If any one of the targeted apps is found on the infected device, the app shows a fake notification on behalf of the targeted banking app. If the user clicks on the notification, they are shown a fake login screen to steal the user’s confidential info like net banking login ID and password,” said Mane.
The malware can read all incoming and outgoing texts and can bypass the OTP-based two-factor authentication on the victim’s bank account. It can also change the device’s ringer volume to silence text message notifications.
Mane said that users should avoid downloading apps from third-party sources or from links sent via text messages or emails.
“Always keep ‘Unknown Sources’ disabled. Most importantly, verify app permissions before installing any app even from official stores such as Google Play. Always keep your device OS and mobile security app up-to-date,” he added.