This newly discovered Android malware can steal bank details on Android phones
Customers of four of Australia’s largest banks are being targeted by a sophisticated Android attack that steals account details and removes two-factor authentication security functionality.
The four big banks involved are the Commonwealth Bank, National Australia Bank, Westpac and the ANZ Bank. These banks’ millions of customers have been put at risk by the malware which infects devices and hides from the user, waiting for the moment when a user opens the banking apps.
Millions of customers using applications from Commonwealth Bank, Westpac, National Australia Bank and ANZ Bank are all at risk of the malware, known as Android/Spy.Agent.SI.
ESET has released a report describing the malware, which has been dubbed Android/Spy.Agent.SI. It is able to steal login details by locking down a phone when you try to open a bank’s app. From there, it displays a fake login screen for the bank and won’t let users leave it until they type in their details.
This allows hackers to use the stolen credentials to log in to a victim’s account and transfer money out of it.
Unfortunately, the malware also has a self-defence mechanism that stops users from uninstalling the banking app from the infected device. In addition to stealing the login details of customers, the hackers can also intercept verification text messages sent to the device, allowing them to thwart extra security measures put in place by the banks.
With this unique code, the hackers can log in to an account easily and transfer money.
The malware even deletes all details of the attempted login from the device.
“This allows SMS-based two-factor authentication of fraudulent transactions to be bypassed, without raising the suspicions of the device’s owner,” ESET malware researcher Lukas Stefanko said in a statement.
According to ESET, the malware is the brainchild of sophisticated hackers and was developed over a long period of time.
“This is a significant attack on the banking sector in Australia and New Zealand, and shouldn’t be taken lightly,” Nick FitzGerald, senior research fellow at ESET, said, as reported by The Sydney Morning Herald.
“While 20 banking apps have been targeted so far, there’s a high possibility the e-criminals involved will further develop this malware to attack more banking apps in the future.”
Mr Stefanko said, “The attack has been massive and it can be easily refocused to any other set of target banks.”
BankWest, Bendigo Bank, St George Bank, Bank of New Zealand, Wells Fargo and Kiwibank are also among the list of vulnerable banks.
By imitating the Adobe Flash Player application, the malware gains entry into any Android device.
Android devices infected with the malware will display ‘Flash Player’ in the list of device administrators. You can go to the Settings > Security > Device Administrators menu to check.
If users attempt to remove ‘Flash Player’ from the list, an alert warning will pop up saying that data may be lost, but it is safe to press ‘OK’. Once the device administrator rights are disabled, the malware can be uninstalled. Go to Settings > Apps/Application manager > Flash Player > Uninstall.
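The same device-administrator check can be scripted over adb when a phone needs to be triaged from a workstation. The script below is an added example, not code from ESET or from this article: it parses `adb shell dumpsys device_policy` output and reports every enabled device administrator that is not on an allowlist. The allowlist, the sample dump and the package name `com.example.fakeflash` are constructed placeholders, and the dump layout is an assumption that varies between Android versions.

```shell
#!/bin/sh
# Added example: flag enabled device administrators that are not expected.

# Packages expected to hold device-admin rights (assumption: adjust per device).
ALLOWED_ADMINS="com.google.android.gms"

# Constructed sample of `dumpsys device_policy` output (layout varies by
# Android version; com.example.fakeflash is a placeholder, not a real IoC).
sample_dump() {
cat <<'EOF'
Current Device Policy Manager state:
  Enabled Device Admins (User 0, provisioningState: 0):
    com.google.android.gms/.mdm.receivers.MdmDeviceAdminReceiver:
      uid=10012
      policies:
        wipe-data
    com.example.fakeflash/.AdminReceiver:
      uid=10153
      policies:
        force-lock
  mPasswordOwner=-1
EOF
}

# Read a dump on stdin, print one "package/receiver" per enabled admin.
list_admins() {
    awk '
        { sub(/\r$/, "") }                      # older adb emits CRLF
        /Enabled Device Admins/ { in_admins = 1; next }
        in_admins && NF == 1 && $1 ~ /.\/.+:$/ { sub(/:$/, "", $1); print $1 }'
}

# Print only the components whose package is not in ALLOWED_ADMINS.
unexpected_admins() {
    list_admins | while IFS= read -r component; do
        pkg=${component%%/*}
        case " $ALLOWED_ADMINS " in
            *" $pkg "*) ;;
            *) printf '%s\n' "$component" ;;
        esac
    done
}

# Live use: ./check_admins.sh --device  (needs adb and USB debugging enabled)
if [ "${1:-}" = "--device" ]; then
    adb shell dumpsys device_policy | unexpected_admins
fi
```

Any component it prints should be compared against the Device Administrators list on the phone before following the removal steps above.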