Beware! This Dangerous Malware Can Steal Your Banking Details


New Delhi: In India, banking apps are increasingly being used for carrying out Internet-enabled transactions conveniently. Almost every bank has a mobile app. But it looks like net banking isn't really safe in an era of increasing cybercrime.

Security software company QuickHeal discovered a new Android banking malware, "Android.banker.A9480", that is targeting 232 banking apps to steal users' login credentials.

"Android.banker.A9480" malware has targeted several major banking apps, including SBI Anywhere Personal, Axis Mobile, iMobile by ICICI Bank, HDFC Bank MobileBanking, HDFC Bank MobileBanking LITE, IDBI Bank GO Mobile+, Abhay by IDBI Bank Ltd, IDBI Bank GO Mobile, IDBI Bank mPassbook, Baroda mPassbook, Union Bank Mobile Banking, and Union Bank Commercial Clients.

Over 20 cryptocurrency apps, including Bitcoinium, CoinPayments, and Bitfinex, were affected.

QuickHeal said the malware disguises itself as Flash Player. After installation, it requests administrative privileges. Even if the user kills the process and denies its request, the malware will keep popping up, asking for admin rights.

Once the permission is given, the malware hides its icon and starts carrying out malicious activities in the background. It keeps checking the device for the 232 targeted apps, including banking ones.

What exactly does the malware do?

Once the malicious app finds any of the targeted 232 apps on the victim's device, it sends fake notifications that appear to be coming from the targeted banking/financial apps.

When the user taps the notification, a fake login page displayed on top of the original app tricks them into logging in, and their credentials are stolen.

The malware also hijacks SMSes and contact lists and sends them to a malicious server.

QuickHeal said the banking malware intercepts all incoming/outgoing SMSes from the victim device; this allows the cybercriminals to actually bypass the SMS-based two-factor authentication (OTP) for banking apps.

It added that the malware could, in fact, send SMSes "with a dynamically received text and number from the server's side."

To suppress the SMS notifications received in this process, it can also set the ringer volume to "silent".

How to protect your banking details from malware?

QuickHeal has given some suggestions to users for protecting themselves from this Android banking malware.

It has recommended that users avoid downloading apps through links sent via SMS or from third-party app stores to keep their banking details safe.

In addition, they can install reliable mobile security software for detecting and blocking malware.

Also, the OS and banking app versions must always be kept up to date.
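For administrators who manage a fleet of Android devices, the traits described above (a Flash Player disguise, device administrator rights, a hidden icon, SMS and contact access, installation from outside the official store) can be combined into a simple triage check. The following is an added example, not QuickHeal's detection logic: the inventory record fields and the mapping of behaviours to Android permissions are assumptions, and the sample inventory is constructed.

```python
# Added example. Record fields (label, device_admin, launcher_icon, installer)
# are hypothetical; the mapping of behaviours to permissions is an assumption.
SMS_PERMS = {
    "android.permission.RECEIVE_SMS",
    "android.permission.READ_SMS",
    "android.permission.SEND_SMS",
}
CONTACTS_PERM = "android.permission.READ_CONTACTS"
TRUSTED_INSTALLERS = {"com.android.vending"}  # Google Play

def score_app(app):
    """Return the list of article-described traits this app record matches."""
    perms = set(app.get("permissions", []))
    checks = [
        ("label imitates Flash Player", "flash player" in app.get("label", "").lower()),
        ("holds device administrator rights", bool(app.get("device_admin"))),
        ("no launcher icon", not app.get("launcher_icon", True)),
        ("can read or send SMS", bool(perms & SMS_PERMS)),
        ("can read contacts", CONTACTS_PERM in perms),
        ("not installed from a trusted store", app.get("installer") not in TRUSTED_INSTALLERS),
    ]
    return [reason for reason, matched in checks if matched]

def triage(inventory, threshold=3):
    """Return (package, reasons) for apps matching at least `threshold` traits."""
    hits = [(a["package"], score_app(a)) for a in inventory]
    hits = [h for h in hits if len(h[1]) >= threshold]
    return sorted(hits, key=lambda h: len(h[1]), reverse=True)

# Constructed inventory, not real device data.
INVENTORY = [
    {"package": "com.example.flashplayer.update", "label": "Flash Player",
     "device_admin": True, "launcher_icon": False, "installer": None,
     "permissions": sorted(SMS_PERMS | {CONTACTS_PERM})},
    {"package": "com.example.messages", "label": "Messages",
     "device_admin": False, "launcher_icon": True, "installer": "com.android.vending",
     "permissions": ["android.permission.READ_SMS", CONTACTS_PERM]},
    {"package": "com.example.mdm.agent", "label": "Work Agent",
     "device_admin": True, "launcher_icon": True, "installer": "com.android.vending",
     "permissions": []},
]

if __name__ == "__main__":
    for package, reasons in triage(INVENTORY):
        print(package, "->", "; ".join(reasons))
```

The threshold matters because single traits are common in legitimate apps: a messaging app reads SMS and a device-management agent holds administrator rights, so only the combination is flagged.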

