Global IT security firm Quick Heal's Security Labs said on Thursday that it has detected an Android banking Trojan that imitates over 232 mobile apps, including those offered by Indian banks such as SBI, HDFC, ICICI, IDBI, and Axis, among others.
According to the researchers, the malware, named "Android.banker.A2f8a", is being distributed through a fake Flash Player app on third-party stores.
The newly discovered Android malware targets 232 banking apps, including those of many Indian banks. Some of the banking apps targeted by the new Android malware include Axis Mobile, HDFC Bank MobileBanking, SBI Anywhere Personal, HDFC Bank MobileBanking LITE, iMobile by ICICI Bank, IDBI Bank GO Mobile+, Abhay by IDBI Bank Ltd, IDBI Bank GO Mobile, Baroda mPassbook, Union Bank Mobile Banking, and Union Bank Commercial Clients.
The new Android banking Trojan, named "Android.banker.A9480", was discovered by Quick Heal Security Labs and is said to be designed to steal login credentials, hijack SMS messages, and upload contact lists and SMS messages to a malicious server.
"Android.banker.A9480 is being distributed through a fake Flash Player app on third-party stores. This is not surprising given that Adobe Flash is one of the most widely distributed products on the Internet. Because of its popularity and global install base, it is often targeted by attackers," Quick Heal explains in a blog post.
The new Android malware disguises itself as a Flash Player. After being installed, the malicious app asks the user to activate administrative rights. If the user denies the request or kills the process, the app keeps throwing continuous pop-ups until the user activates the admin privilege. Once this is done, the malicious app hides its icon soon after the user taps on it.
The Android.banker.A9480 malware is circulated via a fake Flash Player app on third-party stores, Quick Heal said. The Flash Player app is a common target for cybercriminals because of its prevalence. Once users download the malicious application, they get many prompts to activate administrative rights. The app sends numerous pop-ups to victims until the administrative privileges are activated, the report adds.
Once the app is installed on a smartphone, its icon is hidden when the user taps on it. The malicious app keeps running in the background while checking for any of the 232 banking apps. If the app finds one of the targeted apps, it sends a fake notification that resembles one from the banking app. When users open the notification, they get a fake login window, which the attackers then use to extract confidential information such as login ID and password.
The report further adds that the malware can intercept all incoming and outgoing SMS messages on the infected device. This allows attackers to bypass SMS-based two-factor authentication (OTP) on the victim's bank account.
Quick Heal claims that, apart from banking apps, the Android.banker.A9480 malware also targets cryptocurrency apps. We recommend that our readers stay safe from Android banking Trojans by not downloading apps from third-party app stores or from links provided in SMS or emails. Users should also keep the "Unknown Sources" setting disabled at all times, because enabling this option allows installation of apps from unknown sources.
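The behaviours the report describes (a sideloaded app with a Flash Player label, active admin rights, SMS and contact access, and a hidden icon) can be combined into a simple triage check over a device's app inventory. The following is an added example, not code from Quick Heal or from the malware; the record format, the package names and the threshold of four indicators are assumptions made for illustration.

```python
# Added example: triage heuristic for the behaviour chain the report describes.
# The inventory record format is an assumption, not an Android or MDM API.
PLAY_STORE = "com.android.vending"
SMS_PERMS = {
    "android.permission.RECEIVE_SMS",
    "android.permission.READ_SMS",
    "android.permission.SEND_SMS",
}
CONTACTS_PERM = "android.permission.READ_CONTACTS"

def indicators(app):
    """Return the report-derived indicators that one app record matches."""
    perms = set(app.get("permissions", ()))
    checks = [
        ("sideloaded", app.get("installer") != PLAY_STORE),
        ("flash-player-label", "flash player" in app.get("label", "").lower()),
        ("device-admin", bool(app.get("device_admin"))),
        ("sms-access", bool(SMS_PERMS & perms)),
        ("contacts-access", CONTACTS_PERM in perms),
        ("hidden-icon", not app.get("launcher_icon", True)),
    ]
    return [name for name, matched in checks if matched]

def triage(inventory, threshold=4):
    """Map package name -> indicators for apps matching >= threshold of them."""
    flagged = {}
    for app in inventory:
        hits = indicators(app)
        if len(hits) >= threshold:
            flagged[app["package"]] = hits
    return flagged

# Constructed sample inventory; package names are made up.
SAMPLE = [
    {"package": "com.example.flashupdate", "label": "Flash Player",
     "installer": None, "device_admin": True, "launcher_icon": False,
     "permissions": ["android.permission.RECEIVE_SMS",
                     "android.permission.SEND_SMS", CONTACTS_PERM]},
    {"package": "com.example.messages", "label": "Messages",
     "installer": PLAY_STORE, "device_admin": False, "launcher_icon": True,
     "permissions": ["android.permission.READ_SMS", CONTACTS_PERM]},
    {"package": "com.example.workagent", "label": "Work Agent",
     "installer": None, "device_admin": True, "launcher_icon": True,
     "permissions": []},
]

if __name__ == "__main__":
    for package, hits in triage(SAMPLE).items():
        print(package, ", ".join(hits))
```

No single indicator is conclusive: the constructed messaging app and work agent each match two and are not flagged, while the fake Flash Player record matches all six.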