Two new banking Trojans have been detected which imitate payment services offered by social media apps, as well as banking apps on Android smartphones and these are infecting devices in India. Spotted by IT security provider Quick Heal, these trojans, ‘Android.Marcher.C’ and ‘Android.Asacub.T’, were found were found affecting WhatsApp, Facebook, Twitter, and Instagram, as well as popular banking apps from India, according to a blog post.
The first of these trojans, ‘Android.Marcher.C’, uses Adobe Flash Player icon to appear genuine, while the ‘Android.Asacub.T’ trojan gets hidden by using the Android Update logo. Both of these can override administrative privileges, and create a fake window that asks for credit/debit card details. In this way, they can bypass two-factor authentication windows that appear during online transactions. Meanwhile, these trojans search for details of messages and contact info, as well as the most used apps.
While the ‘Android.Marcher.C’ trojan sends messages to select premium numbers, that disclose the user’s device ID, the malware searches for popular apps under two lists: social media and banking services. As it continues to mine for the data, users will find a fake payment window every time they open an app.
It will also block access until the user discloses any card details, that will get forwarded to a malicious server. Meanwhile ‘Android.Asacub.T’ opens the same payment gateway through a fake window that forces a user to update Android, and conducts the same app search.
As a cautionary note, users must remember not to open suspicious messages and links across apps and emails. In addition, they must also consider using apps that are verified by Google Play Protect, which they must keep on at all times. These banking bugs are the latest Quick Heal has observed for the Indina market, given that it had detected similar vulnerabilities in January.