Malware has been detected on Android that targets the apps of 232 banks worldwide, including some in India. According to a Quick Heal blog post, the malware, called Android.banker.A2f8a, has the potential to steal personal data, intercept SMS messages that contain OTPs, and steal contacts, and it has carried out nefarious activities with some banking apps.
In India, Quick Heal identified the list of banks whose apps are being targeted by Android.banker.A2f8a. This includes the mobile banking apps of Axis Bank, HDFC Bank (regular and LITE versions), SBI Anywhere Personal, iMobile by ICICI Bank, IDBI Bank (Go Mobile and Go Mobile+) and Union Bank. The list also included mobile passbook apps such as IDBI Bank mPassbook and Baroda mPassbook.
The Android banking trojan was found as part of a fake Flash Player app present on third-party stores. This fake app asks users for administrative rights just after setup. Even if a user initially denies admin access, the app keeps throwing pop-up windows until the user accepts. Once the app gets admin rights, it hides its icon and seeks financial apps.
According to the Quick Heal blog post, this malware has been found searching for 232 apps related to banking and cryptocurrency services. If it accesses any of these apps on a user’s smartphone, it generates a fake notification sent on behalf of the banking app. Once the notification is opened, the malware creates a fake login screen, which allows the trojan to steal confidential information such as the login ID and password for the banking app.
The extent of data collection by Android.banker.A2f8a isn’t limited to details on the banking app. Quick Heal states that the trojan is able to hijack SMS messages, disclose location details and hijack contact lists, which it uploads to malicious servers. Consumers with banking apps on their Android devices must note that Adobe Flash Player was discontinued following Android 4.1. Even in the latest Google Play Store, there is no Adobe Flash Player app available.