Quick Heal

Quick Heal detects Trojan Malware that targets mobile banking and cryptocurrency apps

Global IT security firm Quick Heal’s Security Labs has revealed that an Android Banking Trojan is targeting more than 232 mobile banking apps globally, including those offered by Indian banks like SBI, HDFC, ICICI, IDBI, and Axis, among others.

Quick Heal Security Labs detected the malware, which is known as Android.banker.A2f8a (previously detected as Android.banker.A9480).

The Trojan is designed to steal personal data from users: it captures login data, SMS messages and contact lists and uploads them to a malicious server. Apart from banking apps, the Trojan also targets cryptocurrency apps present on a user’s phone.

Quick Heal's list of targeted Indian banking apps includes Axis mobile, HDFC Bank MobileBanking, SBI Anywhere Personal, HDFC Bank MobileBanking LITE, iMobile by ICICI Bank, IDBI Bank GO Mobile+, IDBI Bank GO Mobile, IDBI Bank mPassbook, Baroda mPassbook and Union Bank Mobile Banking, among others.

Apart from banking apps, cryptocurrency apps such as Bitcoinium, Bitfinex, Bitcoin Ticker Widget and Bitcoin Wallet, among many others, are also vulnerable to the malware.

How the Android.banker.A2f8a malware steals users’ data

  • The malware gets circulated via a fake Flash Player app on third-party stores
  • Once users download the malicious application, they get several prompts to activate administrative rights
  • The app sends numerous pop-ups to victims until the administrative privileges are activated.
  • Even if the user denies the request or kills the process, the app keeps showing pop-ups until the user activates the admin privilege
  • The malicious app hides its icon soon after the user taps on it
  • If any one of the targeted apps is found on the infected device, the app shows a fake notification on behalf of the targeted banking app
  • If the user clicks on the notification, they are shown a fake login screen to steal the user’s confidential info like net banking login ID and password

How to avoid this malware

  • Avoid downloading apps from third-party app stores or links provided in SMSs or emails
  • Always keep ‘Unknown Sources’ disabled. Enabling this option allows installation of apps from unknown sources
  • Most importantly, verify app permissions before installing any app even from official stores such as Google Play
  • Install a reliable mobile security app that can detect and block fake and malicious apps before they can infect your device
  • Always keep your device OS and mobile security app up-to-date
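
The behaviour described above (an app from a third-party source that insists on administrative rights) can be checked for on a device connected over adb. The script below is an added example, not code from Quick Heal: it flags third-party apps that hold device-admin rights and were not installed by Google Play. The package names and both sample outputs are constructed, and the line formats of `pm list packages -i -3` and `dumpsys device_policy` are assumptions that vary between Android versions.

```python
import re

PLAY_STORE = "com.android.vending"  # installer package name of Google Play

# Constructed sample of `adb shell pm list packages -i -3` output (assumed format).
SAMPLE_PACKAGES = """\
package:com.example.bank  installer=com.android.vending
package:com.example.flashplayer  installer=null
package:com.example.notes  installer=com.android.packageinstaller
"""

# Constructed sample of the admin section of `adb shell dumpsys device_policy`
# (assumed format).
SAMPLE_POLICY = """\
Enabled Device Admins (User 0, provisioningState: 0):
  com.example.flashplayer/.AdminReceiver:
    uid=10123
  com.example.mdm/com.example.mdm.Receiver:
    uid=10150
"""

def parse_installers(text):
    """Map package name -> installer (None when the device reports none)."""
    out = {}
    for m in re.finditer(r"^package:(\S+)[ \t]+installer=(\S+)$", text, re.M):
        out[m.group(1)] = None if m.group(2) == "null" else m.group(2)
    return out

def parse_admins(text):
    """Return package names that own an enabled device-admin component."""
    pattern = r"^[ \t]+([\w.]+)/[\w.$]+:[ \t]*$"
    return {m.group(1) for m in re.finditer(pattern, text, re.M)}

def triage(packages_text, policy_text):
    """Flag third-party apps with device admin that did not come from Google Play."""
    installers = parse_installers(packages_text)
    findings = []
    for pkg in sorted(parse_admins(policy_text)):
        # Only packages in the third-party list are judged; others are skipped.
        if pkg in installers and installers[pkg] != PLAY_STORE:
            findings.append((pkg, installers[pkg] or "sideloaded/unknown"))
    return findings

if __name__ == "__main__":
    for pkg, source in triage(SAMPLE_PACKAGES, SAMPLE_POLICY):
        print(f"REVIEW {pkg}: device admin active, installer={source}")
```

A flagged entry is a lead for manual review rather than a verdict, since legitimate sideloaded management apps also match.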
