Quick Heal Security Labs, a security firm and popular antivirus developer, recently detected a harmful Android banking trojan that targets over 232 banking apps along with some cryptocurrency apps. The targeted banking apps include those of Indian banks.
The Android malware, known as Android.banker.A2f8a, is designed for stealing login credentials, hijacking SMSs, and uploading contact lists and SMSs to a malicious server. According to Quick Heal, because Adobe Flash is one of the most widely distributed products on the Internet, the attacker uses a fake version of the Flash Player app to spread this Android banking trojan through third-party stores.
So how does this Android banking trojan harm you?
Quick Heal explains how this Android banking trojan, disguised as Flash Player, compromises your security: “After installing the malicious app, it will ask the user to activate administrative rights. And even if the user denies the request or kills the process, the app will keep throwing continuous pop-ups until the user activates the admin privilege. Once this is done, the malicious app hides its icon soon after the user taps on it.”
After getting admin rights, the malware keeps checking the apps installed on the victim’s device, looking in particular for the 232 targeted apps, which are banking apps and some cryptocurrency apps. When any one of these targeted apps is spotted on the infected device, the malware shows a fake notification on behalf of the targeted banking app. If the user clicks on the notification, they are shown a fake login screen that steals confidential information such as the net banking login ID and password.
Apart from that, the malware is also able to intercept all incoming and outgoing SMSs on the infected device. This enables the attackers to bypass SMS-based two-factor authentication on the victim’s bank account.
Here is a list of some of the banking and cryptocurrency apps targeted by this Android banking trojan. You can check the complete list in the Quick Heal blog post.
Targeted banking apps in India:
- axis.mobile (Axis Mobile)
- snapwork.hdfc (HDFC Bank MobileBanking)
- sbi.SBIFreedomPlus (SBI Anywhere Personal)
- hdfcquickbank (HDFC Bank MobileBanking LITE)
- csam.icici.bank.imobile (iMobile by ICICI Bank)
- snapwork.IDBI (IDBI Bank GO Mobile+)
- idbibank.abhay_card (Abhay by IDBI Bank Ltd)
- com.idbi (IDBI Bank GO Mobile)
- idbi.mpassbook (IDBI Bank mPassbook)
- co.bankofbaroda.mpassbook (Baroda mPassbook)
- unionbank.ecommerce.mobile.android (Union Bank Mobile Banking)
- unionbank.ecommerce.mobile.commercial.legacy (Union Bank Commercial Clients)
Targeted cryptocurrency apps:
- bitfinex.bfxapp (Bitfinex)
- veken0m.cavirtex (Bitcoinium)
- brothas.mtgoxwidget (Bitcoin Ticker Widget)
- master.cointransaction (Bitcoin/Altcoin chart, alarm, ticker)
- leowandersleb.bitcoinsw (Flux Bitcoin Widget)
- ozgur.btcprice (Bitcoin Price)
- coinprices.allexchanges (Crypto Prices All-in-One)
- blockchain.android (Blockchain – Bitcoin & Ether Wallet)
- blockchain.merchant (Blockchain Merchant)
- hyperwallet.wubsprepaid (WUBS Prepaid)
- blocktrail.mywallet (BTC.com – Bitcoin Wallet)
- claimyourbits.btcsafari (BTC SAFARI – Free Bitcoin)
- handyapps.bitcoinpriceiq (Bitcoin Price IQ)
- schildbach.wallet (Bitcoin Wallet)
- blockfolio.blockfolio (Blockfolio Bitcoin / Altcoin App)
- org.freewallet.app (Bitcoin Wallet by Freewallet)
- bitcoin.crane.money (Bitcoin NewsCrane)
- coinmarketapp.app (Bitcoin CoinMarketCap.com (unofficial) / Altcoin)
- coinpayments.coinpaymentsapp (CoinPayments)
- org.freewallet.app (Bitcoin Cash Wallet by Freewallet)
- cenci7.coinmarketcapp (CoinMarketCapp – Blockchain Cryptocurrencies)
- benzneststudios.cryptostory (CryptoStory – Cryptocurrency Portfolio)
- langerhans.wallet (Dogecoin Wallet)
Tips to stay safe from Android banking trojans:
Quick Heal recommends the following tips to keep you safe from this Android malware.
- Avoid downloading apps from third-party app stores or from any other source.
- Always keep ‘Unknown Sources’ disabled. Enabling this option allows installation of apps from unknown sources.
- Also, verify app permissions before installing any app even from official stores such as Google Play.
- Install a good Android antivirus or anti-malware app that can detect and block fake and malicious apps before they can infect your device.
- And finally, keep your device OS and apps up-to-date.
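For anyone triaging a device, the following added example (not code from Quick Heal or from the original article) reads the output of `adb shell pm list packages -3 -i` and reports which of the targeted apps listed above are present and which third-party packages were not installed by Google Play. The suffix matching, the trusted-installer set and the sample listing are assumptions made for illustration, and only a subset of the article's list is included.

```python
import re

# Package-name fragments copied from the article's lists (a subset). The article
# prints them without the leading name segment, so they are matched as dotted
# suffixes. That matching rule is an assumption of this example.
TARGETED = {
    "axis.mobile": "Axis Mobile",
    "snapwork.hdfc": "HDFC Bank MobileBanking",
    "csam.icici.bank.imobile": "iMobile by ICICI Bank",
    "bitfinex.bfxapp": "Bitfinex",
    "schildbach.wallet": "Bitcoin Wallet",
}
# Installers treated as trusted (Google Play); an assumption, extend as needed.
TRUSTED_INSTALLERS = {"com.android.vending"}

LINE = re.compile(r"^package:(\S+)\s+installer=(\S+)$")

def parse(listing):
    """Yield (package, installer) pairs from `pm list packages -3 -i` output."""
    for raw in listing.splitlines():
        m = LINE.match(raw.strip())
        if m:
            yield m.group(1), m.group(2)

def triage(listing):
    """Return (targeted apps present, packages not installed by a trusted store)."""
    targeted, sideloaded = [], []
    for pkg, installer in parse(listing):
        for frag, label in TARGETED.items():
            if pkg == frag or pkg.endswith("." + frag):
                targeted.append((pkg, label))
        if installer not in TRUSTED_INSTALLERS:
            sideloaded.append(pkg)
    return targeted, sideloaded

# Constructed sample listing (not captured from a real device); the "xx."
# package names are placeholders.
SAMPLE = """\
package:xx.axis.mobile  installer=com.android.vending
package:xx.schildbach.wallet  installer=com.android.vending
package:xx.constructed.flashplayer  installer=null
package:xx.notes.app  installer=com.android.vending
"""

if __name__ == "__main__":
    present, sideloaded = triage(SAMPLE)
    for pkg, label in present:
        print(f"targeted app present: {pkg} ({label})")
    for pkg in sideloaded:
        print(f"review, not installed from a trusted store: {pkg}")
```

A sideloaded package is not proof of infection; it is a short list of apps to review on a device that also holds one of the targeted apps.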