Quick Heal IT Security Solutions has detected an Android Banking Trojan that targets over 232 Mobile Banking and Bitcoin Apps. These include various apps offered by Indian Banks like SBI, HDFC, ICICI, IDBI etc. The malware can easily trick any user since it is masquerading as a trusted Adobe Flash product. Let’s see how this malware works and how to detect and remove it.
Trojan Entry & Activity
The Android.banker.A2f8a trojan, previously detected as Android.banker.A9480, gains entry into users' mobile devices disguised as a fake Flash Player app from third-party stores. Once installed, the app manages to gain administrator privileges by showing constant, annoying pop-ups. On getting the admin rights, the app hides its icon from the launcher and starts running the malicious code in the background.
The code then starts searching for any user-installed banking or cryptocurrency apps. If it detects one from its hitlist, the malware creates fake notifications on behalf of the targeted app. If the user clicks on such a notification, fake login screens are shown as screen overlays to steal credentials.
In addition, the malware is capable of receiving and processing certain commands from a C&C server. These include sending SMS, reading/collecting SMS, reading the contact list, creating USSD requests, and collecting GPS/IP address info. The app can also request the ACCESSIBILITY permission and modify the URLs in Shared Preferences.
Combining all these functions, the app can easily bypass 2-factor authentication and steal a user’s banking credentials. Even though Quick Heal figured out the app's activity, they weren’t able to monitor its dynamic activity since the C&C server was down. They have also released a list of Indian banking apps targeted by this malware. You can learn more and get the extensive list, which includes Bitcoin, other banking, and shopping apps, from their blog.
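The behaviours described above (third-party install, Flash Player disguise, device admin rights, hidden launcher icon, SMS access, accessibility request) can be combined into a triage check over an app inventory. This is an added example, not Quick Heal's detection logic; the `App` record, the sample inventory, its package names and the threshold of four indicators are constructed assumptions.

```python
from dataclasses import dataclass, field
from typing import Optional

PLAY_STORE = "com.android.vending"  # installer package name of Google Play
SMS_PERMS = {"android.permission.READ_SMS", "android.permission.RECEIVE_SMS",
             "android.permission.SEND_SMS"}

@dataclass
class App:  # hypothetical inventory record, e.g. exported from an MDM console
    package: str
    label: str
    installer: Optional[str]          # None means sideloaded
    permissions: set = field(default_factory=set)
    device_admin: bool = False
    accessibility_service: bool = False
    launcher_icon: bool = True

def indicators(app):
    """Return which of the article's described behaviours this app matches."""
    checks = [
        (app.installer != PLAY_STORE, "not installed from Google Play"),
        ("flash player" in app.label.lower(), "presents itself as Flash Player"),
        (app.device_admin, "holds device administrator rights"),
        (not app.launcher_icon, "has no launcher icon"),
        (bool(app.permissions & SMS_PERMS), "can read or send SMS"),
        (app.accessibility_service, "registers an accessibility service"),
    ]
    return [reason for hit, reason in checks if hit]

def triage(apps, threshold=4):
    """Flag apps matching at least `threshold` indicators (assumed cut-off)."""
    flagged = {}
    for app in apps:
        hits = indicators(app)
        if len(hits) >= threshold:
            flagged[app.package] = hits
    return flagged

# Constructed sample inventory; every package name here is made up.
INVENTORY = [
    App("com.example.bank", "Example Bank", PLAY_STORE,
        {"android.permission.RECEIVE_SMS"}),              # OTP auto-read
    App("com.example.mdmagent", "Work Agent", PLAY_STORE,
        device_admin=True, launcher_icon=False),          # legitimate admin app
    App("org.example.sideloaded", "Notes", None),         # sideloaded, benign
    App("com.example.flashupdate", "Adobe Flash Player", None,
        {"android.permission.READ_SMS", "android.permission.SEND_SMS"},
        device_admin=True, accessibility_service=True, launcher_icon=False),
]

if __name__ == "__main__":
    for package, reasons in triage(INVENTORY).items():
        print(package, "->", "; ".join(reasons))
```

Any single indicator also appears on legitimate apps (a bank app reading OTP messages, a work agent with admin rights), which is why only the combination is flagged.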
List of Some Indian Banking Apps At Risk
- Axis Mobile
- HDFC Bank MobileBanking
- SBI Anywhere Personal
- HDFC Bank MobileBanking LITE
- iMobile by ICICI Bank
- IDBI Bank GO Mobile+
- Abhay by IDBI Bank Ltd
- IDBI Bank GO Mobile
- IDBI Bank mPassbook
- Baroda mPassbook
- Union Bank Mobile Banking
- Union Bank Commercial Clients
Detection, Removal & Protection
You can easily detect and remove the Android Banker Trojan with any reliable mobile security app for Android. To stay safe, we recommend that you keep your device protected with a security app like Quick Heal, Kaspersky etc. It is also recommended to update your device with the latest security patches from Google or the manufacturer. Never install apps from third-party websites, keep the installation of apps from “Unknown sources” disabled, and verify the permissions before clicking allow during app installation. Hope the article was informative, Peace!