An Android malware has been targeting over 232
banking apps including SBI, HDFC Bank and ICICI Bank, Quick Heal Security Labs
has detected. According to the IT solution provider, an Android Banking
Trojan has been targeting more than 232 banking apps including those offered by
Indian banks.
The banking malware is designed for stealing
login credentials, hijacking SMSs, uploading contact lists and SMSs on a
malicious server, displaying an overlay screen (to capture details) on top of
legitimate apps and carrying out other such malicious activities.
The malware is known
as Android.banker.A2f8a (Previously detected
as Android.banker.A9480), according to Quick Heal Security
Labs. The new malware is being distributed through a fake Flash Player app
on third-party stores. “This is not surprising given that Adobe Flash is one of
the most widely distributed products on the Internet. Because of its popularity
and global install base, it is often targeted by attackers,” the IT solution
company said in a statement.
The company has said that the malware throws
continuous pop-ups, even if administrative rights are declined. “After
installing the malicious app, it will ask the user to activate administrative
rights. And even if the user denies the request or kills the process, the app
will keep throwing continuous pop-ups until the user activates the admin
privilege. Once this is done, the malicious app hides its icon soon after the
user taps on it,” the company said.
If anyone of the targeted apps is found on the
infected device, the app shows a fake notification on behalf of the targeted
banking app. If the user clicks on the notification, they are shown a fake
login screen to steal the user’s confidential info like net banking login ID
and password.
List of targeted
Indian banking apps:
1. axis.mobile (Axis Mobile)
2. snapwork.hdfc (HDFC Bank
MobileBanking)
3. sbi.SBIFreedomPlus (SBI Anywhere
Personal)
4. hdfcquickbank (HDFC Bank MobileBanking
LITE)
5. csam.icici.bank.imobile (iMobile by
ICICI Bank)
6. snapwork.IDBI (IDBI Bank GO Mobile+)
7. idbibank.abhay_card (Abhay by IDBI
Bank Ltd)
8. com.idbi (IDBI Bank GO Mobile)
9. idbi.mpassbook (IDBI Bank mPassbook)
10. co.bankofbaroda.mpassbook (Baroda
mPassbook)
11. unionbank.ecommerce.mobile.android (Union
Bank Mobile Banking)
12. unionbank.ecommerce.mobile.commercial.legacy
(Union Bank Commercial Clients )
How to stay safe?
1. Avoid downloading apps from third-party app
stores or links provided in SMSs or emails.
2. Always keep ‘Unknown Sources’ disabled.
Enabling this option allows installation of apps from unknown sources.
3. Most importantly, verify app permissions
before installing any app even from official stores such as Google Play.
4. Install a reliable mobile security app that
can detect and block fake and malicious apps before they can infect your
device.
5. Always keep your device OS and mobile
security app up-to-date.
No comments:
Post a Comment