Android malware hits banking apps (Image: Creative Commons)

As we have progressed to a digital era, all our activities happen online. Smartphones are the most convenient way of getting online, and they make communication, browsing, networking and even banking possible on the go. All major banks have their own apps to give users facilities such as transfers, payments and the like. But there's a reason to worry for all those app users.

Quick Heal Security Labs has revealed that a Trojan called "Android.banker.A9480" is stealing confidential data, such as login data, SMS and contact lists, from users' banking apps. After procuring the information, the malware uploads it to a malicious server, where cybercriminals can use it to their advantage.

More than 232 banking apps have been affected by the deadly malware, including major Indian banking apps such as HDFC Bank MobileBanking, SBI Anywhere Personal, HDFC Bank MobileBanking LITE, iMobile by ICICI Bank, IDBI Bank GO Mobile+, Abhay by IDBI Bank Ltd, IDBI Bank GO Mobile, IDBI Bank mPassbook, Baroda mPassbook, Union Bank Mobile Banking, and Union Bank Commercial Clients.

But the story doesn't end there. According to the Quick Heal security report, the Trojan also targets cryptocurrency apps present on a user's phone.

What makes this Trojan deadly is that it is disguised as a fake Flash Player app, which can fool any unmindful user. Once the app is downloaded, it sends numerous pop-ups to the user's phone until administrative privileges have been granted.

Deadly Android malware disguises as a Flash Player (Image: Wikimedia)

For your information, Adobe Flash Player has been discontinued after Android 4.1 and there's no app on the Google Play Store. Adobe has also announced that it will stop updating and distributing Flash Player for all formats of browsers, where it currently operates, by the end of 2020.

The malicious app shows fake notifications on behalf of the targeted banking app, and when the user clicks on one, they are taken to a fake login screen that steals the user's net banking login ID and password. With admin access to the phone, the malware can intercept all incoming and outgoing SMSs, allowing hackers to bypass the strict two-factor authentication or OTP-based verification.

The victims won't even know an SMS has arrived, as the malware can silence all device notifications. The malware can process various commands, such as uploading the contact list and location, gaining accessibility and GPS permission, and more.

Besides banking and cryptocurrency apps, Quick Heal Security Labs has found that popular apps like Amazon, eBay, Airbnb and Western Union are more prone to the malware attack.

What can you do to protect yourself?

As dangerous as the malware's behaviour can be, there are a few tips to keep you safe from bank theft and identity theft.

Do not download apps from third-party stores or from links sent to you via SMS/email.

Always keep 'Unknown Sources' disabled. You can find this option under Settings > Security > Unknown sources.

Always verify app permissions before installing any app, even from official stores such as Google Play.

Install a reliable mobile security app.

Check for software updates and always keep your phone updated.
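
To make the permission check in the tips above concrete, the following added example (not from Quick Heal or the original article) reads a decoded AndroidManifest.xml and lists requested permissions that line up with the behaviours described earlier: SMS interception, contact and location upload, and device administrator or accessibility requests. The permission-to-behaviour mapping, the sample manifest and the function names are assumptions made for illustration; a match is a prompt for manual review, not a detection of this Trojan.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"

# Permissions mapped to behaviours the article describes (mapping chosen for this example).
WATCHED = {
    "android.permission.RECEIVE_SMS": "intercept incoming SMS (OTPs)",
    "android.permission.READ_SMS": "read stored SMS",
    "android.permission.SEND_SMS": "send SMS",
    "android.permission.READ_CONTACTS": "upload contact list",
    "android.permission.ACCESS_FINE_LOCATION": "upload location",
}
# Component-level bindings that signal device-admin or accessibility requests.
BINDINGS = {
    "android.permission.BIND_DEVICE_ADMIN": "asks for device administrator rights",
    "android.permission.BIND_ACCESSIBILITY_SERVICE": "asks for accessibility access",
}

def review_manifest(xml_text):
    """Return (app label, findings) for a decoded AndroidManifest.xml string."""
    root = ET.fromstring(xml_text)
    app = root.find("application")
    # In real decoded manifests the label is often a resource reference (@string/...).
    label = app.get(ANDROID + "label", "") if app is not None else ""
    findings = [WATCHED[p.get(ANDROID + "name")]
                for p in root.iter("uses-permission")
                if p.get(ANDROID + "name") in WATCHED]
    for comp in root.iter():
        if comp.tag in ("receiver", "service"):
            bound = comp.get(ANDROID + "permission")
            if bound in BINDINGS:
                findings.append(BINDINGS[bound])
    return label, findings

def needs_manual_review(xml_text):
    """Heuristic: SMS access combined with device admin or accessibility."""
    _, findings = review_manifest(xml_text)
    sms = any("SMS" in f for f in findings)
    elevated = any(f.startswith("asks for") for f in findings)
    return sms and elevated

# Constructed sample (not taken from the real malware): a "Flash Player" lookalike.
SAMPLE = """<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.fakeplayer">
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <application android:label="Flash Player">
    <receiver android:name=".Admin" android:permission="android.permission.BIND_DEVICE_ADMIN"/>
  </application>
</manifest>"""
```

Legitimate apps can request the same combination, so the result only narrows down which installs deserve a closer look.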