An Android Trojan is targeting over 232 banking apps including Indian banks; Check if your app is in the list

The malware not only steals your login credentials but uploads your contact list and SMSes onto a malicious server

Smartphones are a one-stop destination for connectivity in the age of the Internet. From shopping and reading books to ordering food and providing banking solutions on the go, smartphones today help with everything. Owing to their utility, all major banks today have their mobile banking apps to help their customers with various transactions like money transfer and bill payment among others. But now all the banking app users have something to worry about.

A banking Trojan called “Android.banker.A9480” has been detected on the Android smartphones and it is targeting over 232 banking apps including some in India.

If that didn’t scare you, here’s more. This malware not only steals login credentials but also uploads your contact list and SMSes on a malicious server. Here’s what Quick Heal Security Labs, which detected the attack, wrote about the attack:

Like most other Android banking malware, even this one is designed for stealing login credentials, hijacking SMSs, uploading contact lists and SMSs on a malicious server, displaying an overlay screen (to capture details) on top of legitimate apps and carrying out other such malicious activities.

How does the trojan work?
What makes this trojan difficult to figure out is the fact that it disguises itself as a fake Flash Player app, owing to the app’s popularity. Once you download the app on your smartphone, it sends numerous pop-ups to your device until you grant administrative privileges to it.

Once this is done, the malicious app hides its icon. However, in the background, the app scans the apps installed on the victim’s smartphones looking for banking and cryptocurrency apps.

“If any one of the targeted apps is found on the infected device, the app shows a fake notification on behalf of the targeted banking app. If the user clicks on the notification, they are shown a fake login screen to steal the user’s confidential info like net banking login ID and password,” Quick Heal wrote on its blog.

ALSO READ: Petya ransomware attack: 7 important questions answered

Which banking apps have been targeted in India?
Here’s a list of Android banking apps and mobile wallets targeted by the trojan:

  • Axis Mobile
  • HDFC Bank MobileBanking
  • SBI Anywhere Personal
  • HDFC Bank MobileBanking LITE
  • iMobile by ICICI Bank
  • IDBI Bank GO Mobile+
  • Abhay by IDBI Bank Ltd
  • IDBI Bank GO Mobile
  • IDBI Bank mPassbook
  • Baroda mPassbook
  • Union Bank Mobile Banking
  • Union Bank Commercial Clients

ALSO READ: Chinese ‘Fireball’ malware: 250 million computers infected worldwide; here’s how you can save your system

How can I protect myself from the attack?
Here are a few tips that will help you thwart the attack:

  • Do not download Adobe Flash player on your smartphone. It has been discontinued after Android 4.1 version.
  • Always keep ‘Unknown Sources’ option on your device disabled. (Settings > Security > Unknown sources > Disable)
  • Do not download apps sent via SMS or emails.
  • Always verify app permissions before installing an app.
  • Check for software updates and keep your smartphone updated.
  • Install a mobile security app on your device.