New Android Malware targets 232 banking, cryptocurrency and e-commerce apps in India

2017 was the year when a lot of cyber attacks and breaches were reported not only around the globe but significantly in India as well. While we were hoping for the governments and cybersecurity companies to come up with a better solution in 2018, unfortunately, the cybercriminals seem to be always one step ahead.

Having said that, it looks like we have our first report of cybercrime for the year 2018. Well, a new Android malware is reportedly targeting over 232 banking apps including a few banks in India.

Quick Heal Security Labs has now detected a Trojan virus known as Android.banker.A9480. And the firm has said, "like most other Android banking malware, even this one is designed for stealing login credentials, hijacking SMSs, uploading contact lists and SMSs on a malicious server, displaying an overlay screen (to capture details) on top of legitimate apps and carrying out other such malicious activities."

Quick Heal has listed the Indian banking apps that are targeted by the Android banking Trojan malware. The banks include Axis mobile, HDFC Bank MobileBanking, SBI Anywhere Personal, HDFC Bank MobileBanking LITE, iMobile by ICICI Bank, IDBI Bank GO Mobile+, Abhay by IDBI Bank Ltd, IDBI Bank GO Mobile, IDBI Bank mPassbook, Baroda mPassbook, Union Bank Mobile Banking, and Union Bank Commercial Clients.

Additionally, apart from the banking apps, the firm has revealed that this Trojan also targets cryptocurrency apps as well as e-commerce apps present on a user's phone. You can find the full list here.

The security firm has also revealed that Android.banker.A9480 is being distributed through a fake Flash Player app on third-party stores. Given that Adobe Flash is one of the most widely distributed products on the Internet, the criminals have chosen this target.

Once the malicious app is installed, it will ask the user to activate administrative rights. And even if the user denies the request or kills the process, the app sends continuous pop-ups until the user activates the admin privilege. Once this is done, the malicious app hides its icon soon after the user taps on it.

And in the background, the app carries out malicious tasks - it keeps checking the installed app on the victim's device and particularly looks for any banking or cryptocurrency apps. If anyone of the targeted apps is found on the infected device, the app shows a fake notification on behalf of the targeted banking app. If the user clicks on the notification, they are shown a fake login screen to steal the user's confidential info like net banking login ID and password.

As per the blog posted by Quick Heal, the malware can process commands like sending and collecting SMS, upload contact list and location, display fake notification, accessibility and GPS permission, and more. Since the malware can intercept incoming and outgoing SMS from an infected smartphone, it will be able to bypass the OTP based two-factor authentication on the user's bank account as well. This is quite concerning.

Meanwhile, it is worth noting that Adobe Flash player has been discontinued after Android 4.1 version as the player comes integrated with the mobile browser itself. There is no official Adobe Flash Player available on the Google Play Store. Adobe had also announced that it will stop updating and distributing Flash player by the end of 2020 in all formats of the browser.

Tips to stay safe from Android Banking Trojans

• Users should avoid downloading apps from third-party app stores or links provided in SMS or emails.
• Users should always keep 'Unknown Sources' disabled. Enabling this option allows installation of apps from unknown sources.
• Users should verify app permissions before installing any app even from official stores such as Google Play Store.
• Users can install a reliable mobile security app that can detect and block fake and malicious apps before they can infect your device.
• It is important to always keep any device OS and mobile security app up-to-date.