Global IT security firm Quick Heal’s Security Labs on Thursday announced it has spotted an Android Banking Trojan that imitates more than 232 mobile apps, including those offered by Indian banks like SBI, HDFC, ICICI, IDBI and Axis, among others.
According to the researchers, the malware, known as “Android.banker.A2f8a”, is being distributed through a fake Flash Player app on third-party stores. Once downloaded, the app keeps checking for installed apps on the victim’s device and looks in particular for the 232 banking and cryptocurrency apps.
Once any of the targeted apps is found on the device, the malicious app shows fake notifications disguised as coming from the targeted app and asks users to log in with their credentials, ultimately stealing their login ID and password.
“Users are advised to avoid downloading apps from third party app stores or links provided in SMSs and emails to keep their credentials safe,” Sanjay Katkar, Joint Managing Director and Chief Technology Officer, Quick Heal Technologies Limited, said in a statement.
“It is also strongly advised to keep device OS and mobile security app up-to-date,” he added.
In the background, the app carries out malicious tasks: it keeps checking the installed apps on the victim’s device and looks in particular for 232 apps (banking and some cryptocurrency apps).
If any one of the targeted apps is found on the infected device, the app shows a fake notification on behalf of the targeted banking app. If the user clicks on the notification, they are shown a fake login screen, which enables the theft of the user’s confidential information, such as the net banking login ID and password.
“Install a reliable mobile security app that can detect and block fake and malicious apps before they can infect your device,” Quick Heal said.