Quick Heal Security Labs published a detailed article earlier this week on an Android banking trojan that targets more than 232 banking apps. Their blog lists the banking apps affected by this malware, and the list includes apps offered by Indian banks.
According to their article, the malware, named Android.banker.A2f8a (previously discovered as Android.banker.A9480), was spotted targeting various banking apps and some cryptocurrency apps.
The Android banking trojan is being distributed over the internet through a fake Adobe Flash Player app. Like the DoubleLocker ransomware, it gets onto a phone by posing as Adobe Flash Player. And yes, it looks like hackers frequently impersonate Adobe Flash Player because of its popularity.
Similar to other Android malware, this one is designed to:
- Steal user login credentials.
- Hijack SMS messages.
- Upload contact lists and SMS messages to a malicious server.
- Display an overlay screen over legitimate apps and capture the details entered.
What happens after you install this malicious app?
After installation, the malicious app asks the user to grant it administrative privileges. Even if the user refuses, it keeps throwing pop-ups until the user grants them. Once that is done, the malicious app hides its icon.
After this, the Android malware runs in the background and keeps performing its malicious tasks. It keeps checking the user's phone for the 232 banking apps and other cryptocurrency apps.
If the infected device has any one of the targeted apps installed, the malware displays a fake notification on behalf of the legitimate app. As soon as the user clicks on the notification, the user is asked to enter login credentials such as the net banking username and password.
With the help of its C&C servers, the malware performs numerous tasks, such as:
- Displaying a fake notification.
- Sending an SMS.
- Collecting all the SMSs and uploading them to a malicious server.
- Uploading a list of contacts.
- Asking for an accessibility permission.
- Sending a USSD request.
- Requesting a GPS permission.
- Uploading location to a malicious server.
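The behaviours listed above (admin rights, a hidden icon, SMS, contacts, overlay and location access, a Flash Player disguise) can be checked in combination when reviewing a device's installed apps. The following is an added example, not code from Quick Heal or from the original article; the inventory records, field names, package names, weights and threshold are constructed assumptions, while the permission names are real Android permissions.

```python
# Added example: triage an app inventory for the behaviour combination above.
# Inventory records, field names, weights and threshold are constructed assumptions.
RISKY_PERMISSIONS = {  # real Android permission names mapped to the listed tasks
    "android.permission.READ_SMS": "collect SMS",
    "android.permission.RECEIVE_SMS": "intercept incoming SMS",
    "android.permission.SEND_SMS": "send SMS",
    "android.permission.READ_CONTACTS": "upload contact list",
    "android.permission.SYSTEM_ALERT_WINDOW": "draw overlay over other apps",
    "android.permission.CALL_PHONE": "send USSD request",
    "android.permission.ACCESS_FINE_LOCATION": "upload location",
}
PLAY_STORE = "com.android.vending"  # installer package name of Google Play

def triage(app):
    """Return (score, reasons) for one inventory record."""
    reasons = [why for perm, why in RISKY_PERMISSIONS.items()
               if perm in app["permissions"]]
    score = len(reasons)  # one point per risky permission held
    sideloaded = app.get("installer") != PLAY_STORE
    checks = [
        (sideloaded, 2, "not installed from Google Play"),
        (app.get("device_admin", False), 3, "device administrator enabled"),
        (app.get("accessibility_service", False), 2, "accessibility service enabled"),
        (not app.get("launcher_icon", True), 3, "launcher icon hidden"),
        (sideloaded and "flash player" in app["label"].lower(), 3,
         "sideloaded app posing as Flash Player"),
    ]
    for hit, weight, why in checks:
        if hit:
            score += weight
            reasons.append(why)
    return score, reasons

def suspicious(inventory, threshold=8):
    """Package names whose score reaches the threshold, highest score first."""
    scored = [(triage(app)[0], app["package"]) for app in inventory]
    return [pkg for score, pkg in sorted(scored, reverse=True) if score >= threshold]

P = "android.permission."
SAMPLE_INVENTORY = [  # constructed records, not output of a real tool
    {"package": "com.example.flashupdate", "label": "Adobe Flash Player", "installer": None,
     "device_admin": True, "launcher_icon": False, "permissions": [P + "READ_SMS",
     P + "RECEIVE_SMS", P + "SEND_SMS", P + "READ_CONTACTS", P + "SYSTEM_ALERT_WINDOW"]},
    {"package": "com.example.messages", "label": "Messages", "installer": PLAY_STORE,
     "permissions": [P + "READ_SMS", P + "RECEIVE_SMS", P + "SEND_SMS", P + "READ_CONTACTS"]},
    {"package": "com.example.bank", "label": "Example Bank", "installer": PLAY_STORE,
     "permissions": [P + "ACCESS_FINE_LOCATION"]},
]
```

A legitimate SMS app holds several of the same permissions, which is why the score only crosses the threshold when they are combined with sideloading, device admin rights or a hidden icon.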
Targeted Indian banking apps:
- Axis Mobile
- HDFC Bank MobileBanking
- SBI Anywhere Personal
- HDFC Bank MobileBanking LITE
- iMobile by ICICI Bank
- IDBI Bank GO Mobile+
- Abhay by IDBI Bank Ltd
- IDBI Bank GO Mobile
- IDBI Bank mPassbook
- Baroda mPassbook
- Union Bank Mobile Banking
- Union Bank Commercial Clients
Sophisticated Android malware is being discovered on a daily basis, so here are some tips to safeguard your device from these trojans.
- Download apps from the Google Play Store.
- Avoid downloading apps from third-party stores or from links provided in SMSs.
- Verify app permissions before installing an app, even from Google Play.
- Install a mobile security app that can detect the presence of malicious apps before they affect your device.
- Keep your device OS and security app up to date.