A new Android malware Trojan has surfaced and is ripping through the entire banking sector in the US and Europe by posing as a Flash Player app.
The Trojan has already targeted the customers of around 94 major banking and financial apps in the US and Europe, including Santander, Coinbase, American Express, PayPal, Deutsche Bank, Credit Karma and Wells Fargo.
This is a very sophisticated and advanced piece of malware, and a dangerous one as well, because it can easily evade SMS-based two-factor authentication.
According to Kai Lu, a security researcher at Fortinet, users who actively use banking applications on their mobiles need to remain cautious and beware of this new malware campaign: “This banking malware can steal login credentials from 94 different mobile banking apps.”
How it attacks:
Once installed, the fake Flash Player app appears in the launcher and shows a screen that overlays all other apps. When the user taps Cancel, this view disappears only to reappear again; it always stays on top of the display.
When the user taps the Activate button to dismiss the request, the Trojan is granted device administrator rights. The Flash Player icon then disappears, but the Trojan remains active in the background. With administrator rights in hand, the malware's self-defense mechanism prevents it from being uninstalled.
This banking malware also targets various other popular apps, including the Google Play Store, Facebook, Facebook Messenger, Calculator, WhatsApp, Twitter, Snapchat, Skype, Instagram and Viber.
The malware can also intercept SMS messages, which is why it is believed to be able to bypass SMS-based two-factor authentication. It can also send and upload SMS messages, run a factory reset, and collect sensitive information such as the device's IMEI, ISO country code, phone model/build and phone number. This information is then sent to the Trojan's command-and-control server.
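The behaviour described above (a non-system app that hides behind a trusted label, holds device administrator rights, can read and send SMS, and draws over other apps) is a recognisable combination of traits. As an added illustration, not code from the article, Fortinet, or the malware itself, the following Python script scores an app inventory against exactly those traits. The inventory format, the `AppInfo` type, the threshold, and every package name other than `com.google.android.gms` are assumptions made here for the example; the permission strings are standard Android ones.

```python
"""Heuristic triage of an Android app inventory for the Trojan traits described
in the article. Added example; inventory format and com.example.* packages are
constructed for illustration, not taken from the article or a real device."""
from dataclasses import dataclass, field

# Standard Android permission strings. None is suspicious on its own; the
# combination with device-admin rights and a decoy label is the indicator.
SMS_PERMS = {
    "android.permission.RECEIVE_SMS",
    "android.permission.READ_SMS",
    "android.permission.SEND_SMS",
}
OVERLAY_PERM = "android.permission.SYSTEM_ALERT_WINDOW"

# Labels the article says the Trojan hides behind.
DECOY_LABELS = {"flash player", "google play services"}
# The genuine package behind the "Google Play Services" label.
LEGIT_GMS_PACKAGE = "com.google.android.gms"


@dataclass
class AppInfo:
    package: str
    label: str
    system_app: bool
    device_admin_active: bool
    permissions: set = field(default_factory=set)


def risk_findings(app: AppInfo) -> list:
    """Return the list of Trojan-like traits observed for one app."""
    findings = []
    label = app.label.strip().lower()
    if label in DECOY_LABELS and app.package != LEGIT_GMS_PACKAGE and not app.system_app:
        findings.append(f"label '{app.label}' imitates a trusted component but package is {app.package}")
    if app.device_admin_active and not app.system_app:
        findings.append("non-system app holds device administrator rights (blocks normal uninstall)")
    if app.permissions & SMS_PERMS:
        findings.append("holds SMS permissions (can intercept SMS-based 2FA codes)")
    if OVERLAY_PERM in app.permissions:
        findings.append("can draw over other apps (overlay screens)")
    return findings


def triage(apps, threshold: int = 3) -> list:
    """Return (package, findings) for apps with at least `threshold` traits,
    most suspicious first. The threshold is an assumption for this example."""
    results = []
    for app in apps:
        findings = risk_findings(app)
        if len(findings) >= threshold:
            results.append((app.package, findings))
    results.sort(key=lambda r: len(r[1]), reverse=True)
    return results


# Constructed sample inventory: one genuine system component, one app matching
# the Trojan profile, one benign messaging app, and one harmless utility.
SAMPLE_INVENTORY = [
    AppInfo(LEGIT_GMS_PACKAGE, "Google Play Services", True, False,
            {"android.permission.RECEIVE_SMS", OVERLAY_PERM}),
    AppInfo("com.example.flashupdate", "Google Play Services", False, True,
            set(SMS_PERMS) | {OVERLAY_PERM}),
    AppInfo("com.example.chat", "Chat", False, False,
            {"android.permission.RECEIVE_SMS", "android.permission.READ_SMS"}),
    AppInfo("com.example.calc", "Calculator", False, False, set()),
]


if __name__ == "__main__":
    for package, findings in triage(SAMPLE_INVENTORY):
        print(package)
        for item in findings:
            print("  -", item)
```

On a real device the inventory would be assembled from `adb shell pm list packages -f` (installed packages), `adb shell dumpsys package <pkg>` (granted permissions) and `adb shell dumpsys device_policy` (active device admins); parsing that output is left out here. Note that the genuine Google Play Services also holds SMS and overlay permissions, which is why the script keys on the package name and system-app flag rather than on the label or permissions alone.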
To remove the Trojan manually, first disable the malware's administrative rights via Settings > Security > Device Administrators > Google Play Services > Deactivate.
Once the admin rights are deactivated, the user can find the Flash Player update app and uninstall it.