The international IT security firm Quick Heal’s Security Labs on Thursday revealed that it has discovered an Android Banking Trojan that imitates more than 232 mobile apps, including those offered by Indian banks like SBI, HDFC, ICICI, IDBI, and Axis, among others.
The malware, named “Android.banker.A2f8a”, is being spread through a fake Flash Player app on third-party stores.
How does it work?
Once downloaded, the app keeps checking the apps installed on the victim’s device and particularly looks for the 232 banking and cryptocurrency apps.
Once any of the targeted apps is found on the device, the app shows fake notifications disguised as coming from the targeted app, asks users to log in with their credentials, and ultimately steals their login ID and password.
“Users are advised to avoid downloading apps from third-party app stores or links provided in SMSs and emails to keep their credentials safe,” Sanjay Katkar, Joint Managing Director and Chief Technology Officer, Quick Heal Technologies Limited, said in a statement.
“It is also strongly advised to keep device OS and mobile security app up-to-date,” he added.
In the setting, the app conducts malicious tasks: it keeps checking the installed apps on the victim’s device and particularly looks for 232 apps (banking and some cryptocurrency apps).
If it finds any one of the targeted apps on the infected device, the app displays a fake notification on behalf of the targeted banking app. If the user clicks on the notification, they are shown a fake login screen, which is used to steal the user’s confidential information, such as their net banking login ID and password.
“Install a reliable mobile security app that can detect and block fake and malicious apps before they can infect your device,” Quick Heal said.