Android Trojan Targets 200+ Global Financial Apps

silversurfer

Super Moderator
Thread author
Verified
Top Poster
Staff Member
Malware Hunter
Aug 17, 2014
11,115
An Android banking trojan that targets more than 232 banking apps has been uncovered, targeting financial institutions globally.
According to Quick Heal Security Labs, Banker A2f8a is designed for stealing login credentials, hijacking SMS messages, uploading contact lists and texts to a malicious server, displaying an overlay screen (to capture details) on top of legitimate apps and other malicious activities.

The fact that the malware can intercept all incoming and outgoing SMS from the infected device is important, given that this enables the attackers to bypass SMS-based two-factor authentication on the victim’s bank account (OTP).

The trojan is being distributed through a fake Flash Player app on third-party stores. This is a red flag, given that Adobe Flash player has been discontinued after Android 4.1 version because it’s available in the mobile browser itself.

In an analysis, Bajrang Mane, who leads the threat analysis, incident response and automation teams at Quick Heal, explained its function:

After installing the malicious app, it will ask the user to activate administrative rights. And even if the user denies the request or kills the process, the app will keep throwing continuous pop-ups until the user activates the admin privilege. Once this is done, the malicious app hides its icon soon after the user taps on it. In the background, the app carries out malicious tasks—it keeps checking the installed app on the victim’s device and particularly looks for 232 apps (banking and some cryptocurrency apps). If any one of the targeted apps is found on the infected device, the app shows a fake notification on behalf of the targeted banking app. If the user clicks on the notification, they are shown a fake login screen to steal the user’s confidential info like net banking login ID and password.

In order to stay safe from this and other banking trojans, users should avoid downloading apps from third-party app stores or from links provided in texts or emails. They should also always keep ‘Unknown Sources’ disabled, and verify app permissions before installing any app, even from official stores such as Google Play. And, any OS or app updates should be installed as they’re released.
 

Windows Defender Shill

Level 7
Verified
Well-known
Apr 28, 2017
326
I have never been willing to trust any mobile banking app on Android or Ios. The idea of having a banking app on a device that I can lose at anytime or that I travel with and connect to foreign networks constantly is repulsive for me. Banking is too be done on a laptop or desktop on my own network that I know is secure.

Yes, my position is dated and absurd but I don't trust mobile banking.
 

Entreri

Level 7
Verified
May 25, 2015
342
This is why I don't do banking on my Android. Too much malware on the Google Store.

If you do banking, Apple is the way to go (get a real iPhone through Apple's Store). There is still some danger though, given those catchers ("Stingrays") used by Police, Spy Agencies and some criminals.
 

Aleeyen

Level 22
Verified
Top Poster
Well-known
Nov 19, 2012
1,121
Android was supposed to be a more secure OS but its turning out to be on the contrary.
 

oneeye

Level 4
Verified
Jul 14, 2014
174
Did any of you read the article? It was a rogue app, on a third party app Store, for FLASH PLAYER. And then you need to make it device administrator. And then finally, have a banking app to be targeted. All this happens on laptops, desktops ALL THE TIME! Way more than Android, or any other mobile OS.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top