Android banking Trojan targets banks apps, including India’s HDFC, ICICI and Axis

Quick Heal has spotted an Android trojan which corrupts banking apps to procure private details including login, and ID and can impact Indian banking apps as well

By: Tech Desk | New Delhi | Updated: January 5, 2018 2:49 pm
Android malware, Android Banking trojan, Trojan malware, banking malware trojan, banking apps, data privacy, fake Flash players, Google Play Store, mobile banking, Adobe Flash Player, HDFC Bank, ICICI Bank, Axis Bank, cyber security, personal banking Reported by a Quick Heal blog, the malware, called Android.banker.A2f8a, stole personal data and carried out nefarious activities over and above legitimate apps. (File Photo)

A malware was detected on Android, that targets apps of 232 banks worldwide, including some in India. Reported by a Quick Heal blog, the malware, called Android.banker.A2f8a, has the potential of stealing personal data, intercepting SMS which contain OTPs, stealing contacts, and has carried out nefarious activities with some banking apps.

In India, Quick Heal identified the list of banks whose apps which are being targeted by Android.banker.A2f8a.  This includes mobile banking apps of Axis Bank, HDFC Bank (regular and LITE versions), SBI Anywhere Personal, iMobile by ICICI Bank, IDBI Bank (Go Mobile and Go Mobile+) and Union Bank. The list also included mobile passbook apps such as IDBI Bank mPassbook and Baroda mPassbook.

The Android Banking Trojan was found as a part of a fake Flash Player app present on third-party stores. This fake app asks users for administrative rights just after setup. Even if a user initially denies admin access, the app continues throwing pop-up windows until the user accepts. Once the app gets admin rights, it hides its icon and seeks financial apps.

This malware has been found searching for 232 apps, related to banking and cryptocurrency services, as per the Quick Heal blogpost. If it accesses any of these apps from a user’s smartphone, it generates a fake notification sent on behalf of the banking app. Once the notification is accessed, the malware creates a fake login screen, which allows the trojan to steal confidential information like login ID and password for the banking app.

The extent of data collection by Android.banker.A2f8a isn’t limited to details on the banking app. Quick Heal states that the trojan is able to hijack SMSes, disclose location details and hijack contact lists, which it uploads to malicious servers. Consumers with banking apps on their Android devices must note that following Android 4.1, Adobe Flash Player has been discontinued. Even in the latest Google Play Store, there is no Adobe Flash Player app available.

For all the latest Technology News, download Indian Express App

  1. Sri Ni Vasu
    Jan 6, 2018 at 2:45 pm
    Be aware about Mobile Banking Apps. How to protect your e-wallets, banking apps from viruses : gstrendsnow. /2018/01/be-aware-about-mobile-banking-apps-how
    1. Narendirakumar Natarajan
      Jan 5, 2018 at 7:50 pm
      Is this issue only for android or it also affects ios ?