Indian Banking Apps Hit By Malware; Hackers Are Stealing User Data!
The malware is hidden in a fake Flash Player app that is available for download in third-party app stores.
Internet and cybersecurity firm Quick Heal's Security Labs has announced that it has identified an Android banking Trojan imitating more than 232 mobile banking apps around the world. The targets include apps from major Indian banks such as SBI, HDFC, ICICI, IDBI and Axis, among others.
The Trojan, which has been named 'Android.banker.A9480', is being used to steal personal data from users. Quick Heal Security Labs has reported that the banking malware collects login data, SMS messages and contact lists and uploads all of this data to a malicious server.
The malware targets not only banking apps but also cryptocurrency apps present on the user's phone, from which it is reportedly stealing similar sensitive data.
Which Indian Banking Apps Are Targeted?
Quick Heal has listed the Indian banking apps which have been targeted by this Trojan malware:
- Axis Mobile
- HDFC Bank MobileBanking
- SBI Anywhere Personal
- HDFC Bank MobileBanking LITE
- iMobile by ICICI Bank
- IDBI Bank GO Mobile+
- Abhay by IDBI Bank Ltd
- IDBI Bank GO Mobile
- IDBI Bank mPassbook
- Baroda mPassbook
- Union Bank Mobile Banking
- Union Bank Commercial Clients
Over time, more customers and businesses have moved to mobile as their main platform for banking. Attackers have taken notice of this and have followed suit. Banking malware has evolved over time, and the latest malware hits the apps directly and has been found to target more than 232 separate mobile banking apps around the world.
How Does The Malware Steal Data?
Quick Heal has reported that the Android.banker.A9480 malware is being circulated inside a fake Flash Player app available on third-party app stores. Flash Player is a popular disguise for cybercriminals.
Once a user installs the malicious app, it repeatedly prompts the user to grant administrative rights and keeps sending pop-ups to the victim until the administrative privileges are activated.
The malicious app keeps working in the background, checking for any banking or cryptocurrency apps. As soon as it finds one of the targeted apps, it starts sending fake notifications which resemble the ones from the targeted apps.
Users are prompted to enter their login credentials through these notifications. The data is captured and sent to unknown servers. The data is then used by the cybercriminals to extract confidential information such as the login ID and password.
What Do Hackers Do With Stolen Data?
Fake notifications that appear to come from the targeted mobile apps prompt users to log in with their credentials, and this is where their data is stolen.
After stealing the login data, SMS messages and contact lists, the malware uploads all the data to a malicious server.
The malware is able to process commands such as sending and collecting SMS, uploading the contact list and location, displaying fake notifications, requesting accessibility and GPS permissions, and more.
Since the malware is able to intercept incoming and outgoing SMS on an infected smartphone, it can bypass the OTP-based two-factor authentication on the user's bank account and misuse the access.
How To Be Safe?
Banks and internet security firms are advising users to avoid downloading any apps from third-party app stores or from links provided in SMS messages or emails. This will keep their credentials safe. Soon an OTA security update will be sent to the affected banking apps.
Users are strongly advised to keep their device OS and mobile security apps up-to-date.
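For administrators who manage a fleet of Android phones, the behaviours described above (installation from outside Google Play, device administrator or accessibility privileges, and SMS access) can be checked together across an app inventory. The following is an added example, not code from Quick Heal or from the malware analysis; the inventory record format and the package names are constructed for illustration, while the permission names and the Google Play installer name are real Android identifiers.

```python
# Added example: triage a device's app inventory for the behaviour
# combination this article describes. All records below are constructed.

PLAY_STORE = "com.android.vending"  # installer package name of Google Play

SMS_PERMS = {
    "android.permission.READ_SMS",
    "android.permission.RECEIVE_SMS",
    "android.permission.SEND_SMS",
}
DATA_PERMS = {
    "android.permission.READ_CONTACTS",
    "android.permission.ACCESS_FINE_LOCATION",
}


def triage(app):
    """Return (high_risk, reasons) for one inventory record."""
    perms = set(app.get("permissions", ()))
    sideloaded = app.get("installer") != PLAY_STORE
    elevated = bool(app.get("device_admin") or app.get("accessibility_service"))
    sms = bool(perms & SMS_PERMS)
    reasons = []
    if sideloaded:
        reasons.append("not installed from Google Play")
    if app.get("device_admin"):
        reasons.append("active device administrator")
    if app.get("accessibility_service"):
        reasons.append("accessibility service enabled")
    if sms:
        reasons.append("SMS access (can see OTP messages)")
    if perms & DATA_PERMS:
        reasons.append("reads contacts or location")
    # One trait alone is common in legitimate apps; the combination is not.
    return (sideloaded and elevated and sms), reasons


def flag(inventory):
    """Package names that match the full high-risk combination."""
    return [a["package"] for a in inventory if triage(a)[0]]


SAMPLE_INVENTORY = [  # constructed records, hypothetical package names
    {"package": "com.example.flashplayer", "installer": None, "device_admin": True,
     "accessibility_service": True,
     "permissions": ["android.permission.RECEIVE_SMS", "android.permission.READ_CONTACTS"]},
    {"package": "com.example.sms", "installer": PLAY_STORE, "device_admin": False,
     "permissions": ["android.permission.READ_SMS", "android.permission.SEND_SMS"]},
    {"package": "com.example.game", "installer": None, "device_admin": False,
     "permissions": ["android.permission.INTERNET"]},
]
```

A flagged package is a candidate for manual review, not a confirmed infection; the reasons list from triage() shows which traits matched.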