A new Android Banking Trojan named 'Android.banker.A9480' is targeting at least 232 banking apps and it includes a few banks in India. According to Quick Heal Security Labs, the malware is programmed to steal personal data from users. Just like any other banking malware, this one sniffs out user login data, SMSes, contact lists and uploads the collection to a server. Apart from targeting banking apps, the Trojan also affects cryptocurrency apps installed on a user's phone.
According to Quick Heal, Indian banking apps that are targeted by the 'Android.banker.A9480' Trojan are, Axis mobile, HDFC Bank MobileBanking, SBI Anywhere Personal, HDFC Bank MobileBanking LITE, iMobile by ICICI Bank, IDBI Bank GO Mobile+, Abhay by IDBI Bank Ltd, IDBI Bank GO Mobile, IDBI Bank mPassbook, Baroda mPassbook, Union Bank Mobile Banking, and Union Bank Commercial Clients.
'Android.banker.A9480' malware is suspected to be circulated through a fake Flash Player app on third-party stores, said Quick Heal.
Cybercriminals are known to target the Flash Player app due to its popularity. Once the application is downloaded, users get several notifications to activate admin rights. The app sends frequent pop-ups to its victims until the privileges are turned on, said the report.
The Trojan icon gets hidden once the user taps on it and works in the background, checking for one of the 232 banking apps. When the targeted app is found, the Trojan sends out a notification similar to the legit app, and leads users to a fake login window that is then used to extract private data like login ID and password. The app can also display fake notification, accessibility and GPS permission, bypass OTP based two factor logins and more.