New Android malware targeting various banking apps

As per news report, the newly discovered Android malware "Android.banker.A9480" is targeting 232 banking apps which includes some Indian banks also. Some of the banking apps being targeted are Axis Mobile, HDFC Bank MobileBanking, SBI Anywhere Personal, HDFC Bank MobileBanking Lite, iMobile by ICICI Bank, IDBI Bank GO Mobile+, Abhay by IDBI Bank Ltd, IDBI Bank GO Mobile, Baroda mPassbook, Union Bank Mobile Banking, and Union Bank Commercial Clients.

New malware was discovered by Quick Heal Security Labs. It is designed for stealing login credentials, hijacking SMSs, uploading contact lists and SMSs on a malicious server.

A blog post, Quick Heal explained how the malware disguises as a Flash Player and after being installed asks the user to activate administrative rights. If a user denies the request or kills the process, the app will keep throwing continuous pop-ups until the user activates the admin privilege. Once this is done, the malicious app hides its icon soon after the user taps on it.

After getting admin rights, the malicious app in the background carries out tasks like keep checking the installed app on the victim’s device and particularly look for 232 apps which include banking and some cryptocurrency apps.

The malware can also intercept all incoming and outgoing SMSs from the infected device. This enables attackers to bypass SMS-based two-factor authentication on the victim’s bank account (OTP).

Android users with banking apps installed on their devices should also verify app permissions before installing any app even from official stores such as Google Play. Users should always keep device OS and mobile security app up-to-date.

Tags: New Android malware, banking apps, android malware, android banker a9480 malware, HDFC Bank MobileBanking, Quick Heal Security Labs, quick heal, Android users, google play store, varindia