A new Android malware that targets over 232 banking apps, including those of SBI, HDFC, and IDBI, has been discovered. The ‘Android.banker.A9480’ malware is distributed through a fake Flash Player app on third-party stores, anti-virus company Quick Heal said. It is designed to steal login credentials, hijack SMSes, and upload contact lists on a malicious server.
Some of the banking apps said to be targeted by new Banking Trojan malware include Axis Mobile, HDFC Bank MobileBanking, SBI Anywhere Personal, HDFC Bank MobileBanking Lite, iMobile by ICICI Bank, IDBI Bank GO Mobile+, Abhay by IDBI Bank Ltd, IDBI Bank GO Mobile, Baroda mPassbook, Union Bank Mobile Banking, and Union Bank Commercial Clients. “Android.banker.A9480 is being distributed through a fake Flash Player app on third-party stores. This is not surprising given that Adobe Flash is one of the most widely distributed products on the Internet. Because of its popularity and global install base, it is often targeted by attackers,” Quick Heal explains in a blog post. Explaining how the new Android malware disgiuses as a Flash Player, the malicious app after being installed asks the user to activate administrative rights. In case, user denies the request or kills the process, the app will keep throwing continuous pop-ups until the user activates the admin privilege. Once this is done, the malicious app hides its icon soon after the user taps on it. After getting admin rights, the malicious ap in the background carries out tasks like keep checking the installed app on the victim’s device and particularly look for 232 apps which include banking and some cryptocurrency apps.