New Android malware targets mobile banking apps, disguised as Flash Player

According to QuickHeal, there's a new threat that masks itself as Flash Player. Unfortunately, this targets about 232 banking apps, including apps in India.

  • Published: January 4, 2018 12:51 PM IST
Social media security

Industry statistics and reports frequently refer to India’s rise in mobile phones users. An increasing number of Indians connect online via mobile devices. And since smartphones are such an integral part of our lives, applications only follow as the means with which we carry out important affairs of daily human life.

It’s taken a long time for Indians to be comfortable with internet-enabled transactions. That’s one reason attributed to the delayed adoption of credit cards and internet banking in India. However, despite consumer fears and concerns, the Indian market seems to have overcome initial hurdles. According to online security company QuickHeal, there’s a new threat that masks itself as Flash Player. Unfortunately, this targets about 232 banking apps, including apps in India.

In a post on its official blog, QuickHeal mentions about the Android.banker.A9480 malware. The post goes on to mention that it steals your login credentials for your bank as well as hijack the SMS feature on your phone. In addition, it can also upload your contacts and text messages to a rogue server.

Explaining the modus operandi, the post describes that the malware works by distributing itself as a fake Flash player. Once the victim has installed the malware on their device, it takes administrative control. Even disabling or killing the process wouldn’t help solve the problem. The only option left for the user is to enable admin privileges.

Among the tasks that the malware undertakes in the background is scan the user’s device for among 232 applications including banks and cryptocurrency applications. If any of the applications are detected on the device, the user would receive a notification. Once the user clicks on the notification, a fake login screen is displayed. The user then enters the credentials to login, which is captured to eventually steal crucial financial information.

This attack is a repeat of a similar malware attack that occurred in 2016, which was reported by ESET. In a post from March 2016, the security company highlighted the Android SpyAgent, which used similar means of tricking a user to logging into their banking app. According to Lukáš Štefanko, ESET Malware Researcher who specializes in Android malware, this malware can perform “SMS-based two-factor authentication of fraudulent transactions to be bypassed, without raising the suspicions of the device’s owner”.

While making a payment, or executing a transaction on your banking app, it’s only natural to expect that security concerns are taken care of. But the modus operandi employed in malware attacks trick the user into falling prey.

This only increases the need for caution and diligence in installing applications and rechecking the source of an application diligently. The post by QuickHeal cautions users from installing applications from third-party sources. In addition, it also recommends keeping the option for installing applications from unknown sources disabled at all times.

  • Published Date: January 4, 2018 12:51 PM IST