This newly discovered Android malwareย can steal bank details on Android phones
Customers of the four of Australiaโs largest banks are targeted by a sophisticated Android attack that stealsย account details and removes two-factor authentication security functionality.
The four big banks involved are the Commonwealth Bank, National Australia Bank, Westpac and the ANZ Bank. These banksโ millions of customers have been put at risk by the malware which infects devices and hides from the user, waiting for the moment when a user opens the banking apps.
Millions of customers using applications fromย Commonwealth Bank, Westpac, National Australia Bank and ANZ Bank are all at risk ofย the malware, known asย Android/Spy.Agent.SI.
ESET has released a report which describes the malware. The malware has been dubbed as Android/Spy.Agent.SI and is able to steal login details by locking down a phone when you try to enter a bankโs app. From there, it will display a fake login screen for the bank and wonโt let users leave that until they type in9 the details.
This allows hackers to use the stolenย credentials and log into a victimโs account of the and transfer money out of it.
Unfortunately, the malware also has a self-defence mechanism thatย stopsย users from uninstalling the banking app from the infected device. In addition to stealing the login details of customers, the hackers can also intercept verification text messages sent to the device, allowing them to thwart extra security measures put in place by the banks.
With this unique code, the hackers can log in to an account easily and transfer money.
Theย malware even deletes all details of the attempted login from the device.
“This allows SMS-based two-factor authentication of fraudulent transactions to be bypassed, without raising the suspicions of the deviceโs owner,โ ESET malware researcher Lukas Stefanko said in a statement.
According to ESET, the malware is theย brain child of sophisticated hackers and developed over a long period of time.
โThis is a significant attack on the banking sector in Australia and New Zealand, and shouldnโt be taken lightly,โ Nick FitzGerald, senior research fellow at ESET, said,ย as reported by The Sydney Morning Herald.
“While 20 banking apps have been targeted so far, there’s a high possibility the e-criminals involved will further develop this malware to attack more banking apps in the future.”
Mr Stefanko said, “The attack has been massive and it can be easily refocused to any other set of target banks.”
BankWest, Bendigo Bank, St George Bank, Bank of New Zealand, Wells Fargo and Kiwibank are also among the list of vulnerable banks.
By imitating the Adobe Flash Player application, the malware gets an entry into any Android device.
Android devices infected with the malware will display ‘Flash Player’ in the list of device administrators. You can go to the Settings > Security > Device Administrators menu to check.
Ifย users attemptย to removeย โFlash Playerโ from the list, an alert warning will pop up saying that data may be lost, but it is safe to press ‘OK’. Once the device administrator rights are disabled, the malware can be uninstalled. Go toย Settings > Apps/Application manager > Flash Player > Uninstall.
