A new Android malware is reportedly targeting over 232 banking applications, including a few banks in India. This was discovered by the internet and cybersecurity firm Quick Heal, which identified the Android Banking Trojan imitating banking mobile apps around the world.
It includes major Indian banks' apps from SBI, HDFC, ICICI, IDBI, and Axis, among others.
What is the malware?
The Trojan malware, named ‘Android.banker.A9480’, is being used to steal personal information such as login data, messages, contact lists, etc. from users and upload it to a malicious server.
This malware also targets cryptocurrency apps installed on users’ phones to extract similar sensitive data.
Who has it affected?
According to Quick Heal, the banks affected by the malware include Axis mobile, HDFC Bank Mobile Banking, SBI Anywhere Personal, HDFC Bank Mobile Banking LITE, iMobile by ICICI Bank, IDBI Bank GO Mobile+, Abhay by IDBI Bank Ltd, IDBI Bank GO Mobile, IDBI Bank mPassbook, Baroda mPassbook, Union Bank Mobile Banking, and Union Bank Commercial Clients.
The full list can be found on Quick Heal’s original blog post.
How does the malware work?
The security firm has revealed that the malware is being distributed through a fake Flash Player app on third-party stores.
“This is not surprising given that Adobe Flash is one of the most widely distributed products on the Internet. Because of its popularity and global install base, it is often targeted by attackers,” the firm said in a statement.
Once the malicious app is installed, it will ask the user to activate administrative rights. The app sends continuous pop-ups until the user activates the admin privilege, even if the user denies the request or kills the process. Once activated, the malicious app hides its icon soon after the user taps on it.
They also revealed that if any of the targeted apps are found on the infected device, the app shows a fake notification on behalf of the targeted banking app. If the user clicks on the notification, they are shown a fake login screen to steal the user’s confidential information like net banking login ID and password.
Since the malware is able to intercept incoming and outgoing SMS from an infected smartphone, it can bypass the OTP based two-factor authentication on the user’s bank account and can misuse the access.
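The behaviours described above (a Flash Player label, a device-admin request, SMS and contact access, installation from outside Google Play) can be turned into a simple triage check over an app's decoded manifest. This is an added example, not code from Quick Heal or from the malware; the sample manifest is constructed, and the exact permissions the real sample requests are an assumption inferred from the article's description.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"
PLAY_STORE = "com.android.vending"  # installer package name of Google Play
ADMIN_PERM = "android.permission.BIND_DEVICE_ADMIN"
SMS_PERMS = {"android.permission.RECEIVE_SMS", "android.permission.READ_SMS",
             "android.permission.SEND_SMS"}

# Constructed sample manifest in decoded text form; not taken from the real sample.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.constructed.player">
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <application android:label="Flash Player">
    <receiver android:name=".AdminRcvr"
        android:permission="android.permission.BIND_DEVICE_ADMIN">
      <intent-filter>
        <action android:name="android.app.action.DEVICE_ADMIN_ENABLED"/>
      </intent-filter>
    </receiver>
  </application>
</manifest>"""


def triage(manifest_xml, installer=None):
    """Map each behaviour from the article to a True/False signal."""
    root = ET.fromstring(manifest_xml)
    perms = {p.get(ANDROID + "name") for p in root.iter("uses-permission")}
    app = root.find("application")
    # Assumption: the label is a literal string; a @string/ reference needs resolving first.
    label = app.get(ANDROID + "label", "") if app is not None else ""
    return {
        "flash_label": "flash" in label.lower(),   # no official Play Store build exists
        "sideloaded": installer != PLAY_STORE,     # installed from a third-party source
        "device_admin": any(r.get(ANDROID + "permission") == ADMIN_PERM
                            for r in root.iter("receiver")),
        "sms_access": bool(perms & SMS_PERMS),     # OTP interception risk
        "reads_contacts": "android.permission.READ_CONTACTS" in perms,
    }


def is_suspicious(signals):
    # Device admin plus SMS access is the pairing behind the OTP bypass described
    # above; require one further signal to reduce false positives.
    core = signals["device_admin"] and signals["sms_access"]
    return core and sum(signals.values()) >= 3
```

A legitimate SMS or device-management app will trip individual signals, so the result is a prompt for manual review rather than a verdict.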
How can users protect their data?
It should be noted that Adobe Flash player has been discontinued after Android 4.1 version as the player comes integrated with the mobile browser itself. There is no official Adobe Flash Player available on the Google Play Store. Adobe had also announced that it will stop updating and distributing Flash player by the end of 2020 in all formats of the browser.
To stay safe from this trojan, users should take care to download only verified apps and avoid third-party apps or links provided in SMS or emails. Users should also keep the “Unknown Sources” option disabled in the settings (Settings > Security > Unknown Sources).
Additionally, users are advised to install a trusted mobile security app that can detect and block fake and malicious apps before they can infect their device.
It is also strongly advised to always keep the device OS and mobile security apps up-to-date as per official instructions.