Security and anti-virus firm Quickheal reported spotting a malware on Android which is capable of hacking banking apps in order to get private details, these include login details and much more.
The malware which was detected targets around 232 banks around the globe. Quick heal published a blog post on their official blog where they revealed that the malware is called “android.banker.a2f8a”. The code has a potential of intercepting SMS that contains OTPs, stealing personal data, stealing contacts and has even carried out notorious acts with a bunch of banking apps.
Indian banks targeted by this malware were HDFC banks ( both lite and regular versions ), Axis Bank, iMobile by ICICI bank, SBI anywhere personal, IDBI bank ( Go mobile+ and Go mobile ) and Union Bank. The list also includes some passbook applications like Baroda mPassbook and IDBI Bank mPassbook.
The malware was found to be present in a sort of Fake Flash Player apk present on some of the third party stores. once installed, the app immediately asks for admin rights. if the user denies access to admin rights, the application throws continuous popups until the user accepts. If the app gets admin access, the icon is hidden and it starts hunting financial applications.
The application hunts for around 232 applications. These include apps related to banking or cryptocurrency services, according to the quick heal Blogspot. Once it finds any of the banking apps, the application generates a fake notification which appears to be from the bank. It is basically a phishing screen where the trojan steals information such as password and Login ID.
This isn’t where it ends, the data Android.banker.a2f8a isn’t limited to Login ID details. As per Quick heal, it is also able to Hijack SMSs, contact lists, location details and pass them on to malicious servers. If you’re an Android user, please take note of the information that Adobe has discontinued Flash player. Even on official google play store, there is no such application.