Mobile users beware: Android banking trojan targets Indian bank apps

Malware successfully detected, no immediate mention any known occurrences of misuse so far

An Android Banking Trojan/Malware that targets around 200 apps, including those offered by Indian banks, has been detected, prompting security researchers and banks to alert consumers.

The malware is designed for stealing login credentials, hijacking SMS messages, uploading contact lists and SMS messages to malicious servers by displaying a fake overlay screen on top of legitimate apps to capture user inputs, said software security firm QuickHeal in a post on Saturday.

"Do not download and install applications from untrusted sources offered via unknown website links on unscrupulous messages," said Canara Bank in a note to users. The bank suggested avoiding unknown wi-fi networks to prevent rogue access to devices.

While the malware has been successfully detected, there is no immediate mention any known occurrences of misuse so far.

Android.banker.A2f8a is being distributed through a fake Flash Player app on third-party stores. This is not surprising, said QuickHeal, given that Adobe Flash is one of the most widely distributed products on the internet and because of its popularity, it is often targeted by attackers.

The malicious app shows fake notifications on behalf of the original app and when users click on the fake notifications, they are directed to enter their login credentials into a fake login page.

The malware has targeted banking apps of Axis Bank, HDFC, ICICI, IDBI and Union Bank among others says the blog. The malware has also targeted a number of cryptocurrency apps like Bitcoinium, Bitcoin Wallet, BTC Safari and Bitfinex apart from many others.

A number of international banking and payment apps are also listed like ING Australia Banking, Citibank Australia, Citi Mobil UK, Singapore Digital Banking and PayPal Mobile and Amazon for Tablets.

The malware can intercept messages from incoming and outgoing messages and bypass SMS based two-factor authentication on the victim's bank account. It can suppress the device's ringer volume to prevent the user being alerted about SMSs.

Quick Heal has warned users that there is no official Adobe Flash Player available on the Google Play Store. Adobe had also announced that it will stop updating and distributing Flash player by the end of 2020 in all formats of browser.

Tips to stay safe from Android Banking Trojans: 

Avoid downloading apps from third-party app stores or links provided in SMSs or emails.

Always keep ‘Unknown Sources’ disabled. Enabling this option allows installation of apps from unknown sources.

Most importantly, verify app permissions before installing any app even from official stores such as Google Play.

Install a reliable mobile security app that can detect and block fake and malicious apps before they can infect your device.

Always keep your device OS and mobile security app up-to-date.

Source: Quick Heal Technologies