Android Banking Trojan affecting popular banking apps

Android Banking Trojan

As the digital transactions are growing, everyone started having banking Applications on their smartphone. These apps provide ease in performing transactions and other bank related tasks. But beware, there is an Android Banking Trojan that can steal credentials from various Banking Apps, including most popular Indian Banks. The list includes SBI, ICICI, HDFC, IDBI etc popular Indian banks.

The Android Banking Trojan was first found by Indian Security Research organization ‘Quick Heal Labs’. They reported the trojan on their official blog. The trojan called Android.banker.A2f8a, has the capability of stealing personal data, intercepting SMS which contains OTPs, stealing contacts, and has carried out heinous activities with some banking apps.

Quick heal also identified a list of Android Apps that are being targeted by this android banking trojan. This Android Banking Trojan was found attempting a to search for 232 apps, related to banking and cryptocurrency services, as per the Quick Heal blog.

How the Android banking Trojan Infects?

This trojan is being distributed through a Fake Flash Player App. This Fake app is posted on third-party app stores and distributed through Fake .apk files. Since Adobe Flash player is available in the mobile browser itself, it has been discontinued after Android 4.1 version. There is no official Adobe Flash Player available on the Google Play Store. Adobe Flash is one of the most widely distributed products on the Internet. This is not extraordinary as Adobe Flash Player is often targeted by attackers to distribute various malicious scripts and malware.

How does the Android Banking Trojan work?

Once the app is installed on a smartphone, it asks the user to enable Administrative Rights. If the user denies Administrative Rights, the app keeps showing pop-ups asking for administrative rights. Once the user provides necessary rights, the app icon gets disappears.
The malicious app keeps working in the background while checking for one of the 232 banking apps. Once the app finds one of the targeted apps, it sends a counterfeit notification that resembles the banking app. When the user opens the mock notification, he is presented with a fake login page asking for information such as Username and Password.

What more about the Android Banking Trojan?

The trojan can easily steal user’s login credentials by using a fake login page.
The Quick Heal blog also says, that, this Android Banking Trojan can intercept all incoming and outgoing SMSs from the infected device. This enables attackers to bypass SMS-based two-factor authentication on the victim’s bank account (OTP).
the trojan can process commands like sending and collecting SMS, upload contact list and location, display fake notification, accessibility and GPS permission, and much more.

How to be safe from Android Banking Trojan:

1. Never download android apps from third-party stores. Install only from Google Play.
2. Disable installing of apps from ‘Unknown Sources’. This is present in settings under privacy/security option.
3. Never install Cracked ‘.apk’ files downloaded from third-party websites.
4. Always update apps only through Google Play Store.
5. There is no any app with the name ‘Adobe Flash Player’ or ‘Flash Player’.
6. Always verify app permissions before installing any app even from official stores such as Google Play.
7. Always keep Android OS and Apps updated.

Users of banking apps should stay safe from Android Banking Trojans by avoiding downloading apps from third-party app stores or links provided in SMSs or emails. On a final Note, the banking apps are not infected in any manner, It is the trojan app that is the concern on this issue.


Official Quick Heal Blog Post

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.