Quick Heal Security Labs today reported finding an Android malware named ‘Android.banker.A9480’ that has victimized over 232 banks from all over the world, including a few from India. This Trojan is designed to steal personal information from users. Once activated, it gains unauthorized access to login data, SMS messages, and contact lists, and uploads them to a malicious server. Apart from banking apps, the Trojan has also affected a number of cryptocurrency apps installed on a user’s phone.
Some of the Indian banks that were affected by the malware are Axis mobile, HDFC Bank MobileBanking, SBI Anywhere Personal, HDFC Bank MobileBanking LITE, iMobile by ICICI Bank, IDBI Bank GO Mobile+, Abhay by IDBI Bank Ltd, IDBI Bank GO Mobile, IDBI Bank mPassbook, Baroda mPassbook, Union Bank Mobile Banking, and Union Bank Commercial Clients.
Android.banker.A9480 spreads via a fake Flash Player app on third-party stores. Due to its pervasiveness and popularity, Flash Player is one of the common targets for cybercriminals. Once you download the malicious app, it keeps prompting you via pop-ups until you grant the required administrative privileges.
Once the app is installed, it vanishes after the user clicks on it. It then keeps running in the background, searching for apps from its list of 232 banking applications. If a targeted app is found, it sends the user a fake notification that looks similar to that of the banking app. When users click on that notification, they are redirected to a fake login window, which attackers then use to extract confidential data such as login ID and password.
According to Quick Heal, the malware can process many commands, such as sending and collecting SMS, uploading the contact list and location, displaying fake notifications, and requesting accessibility and GPS permissions, among many more. Since the malware can intercept incoming and outgoing SMS on an affected smartphone, it is also able to bypass the OTP-based two-factor authentication on the user’s bank account.