Malware detected on Android infected banking apps of 232 banks worldwide, including some in India. According to a Quick Heal blog post, the malware, called Android.banker.A2f8a, stole personal data and carried out malicious activity on top of legitimate apps.
For India, Quick Heal identified the banks whose apps have been affected by Android.banker.A2f8a. The list includes the mobile banking apps of Axis Bank, HDFC Bank (regular and LITE versions), SBI Anywhere Personal, iMobile by ICICI Bank, IDBI Bank (Go Mobile and Go Mobile+) and Union Bank. It also includes mobile passbook apps such as IDBI Bank mPassbook and Baroda mPassbook.
The Android banking trojan was found as part of a fake Flash Player app present on third-party stores. This fake app asks users for administrative rights just after setup. Even if a user initially denies admin access, the app keeps throwing pop-up windows until the user accepts. Once the app gets admin rights, it hides its icon and looks for financial apps.
According to the Quick Heal blog post, the malware searches for 232 apps related to banking and cryptocurrency services. If it finds any of these apps on a user’s smartphone, it generates a fake notification that appears to come from the banking app. Once the notification is opened, the malware displays a fake login screen, which allows the trojan to steal confidential information such as the login ID and password.
Data collection by Android.banker.A2f8a isn’t limited to details from the banking app. Quick Heal states that the trojan is able to hijack SMSes, disclose location details and hijack contact lists, which it uploads to malicious servers. Consumers with banking apps on their Android devices should note that Adobe Flash Player has been discontinued following Android 4.1. Even the latest Google Play Store has no Adobe Flash Player app available.
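For administrators who manage Android fleets, the traits described above (a Flash Player label, installation from outside Google Play, device admin rights and a hidden icon) can be turned into a simple inventory triage rule. The following is an added example, not code from Quick Heal or from the original article; the inventory records and their field names are constructed and hypothetical, standing in for whatever an MDM export provides.

```python
# Added example: triage an app inventory for the traits the article describes.
# Record fields (package, label, installer, device_admin, launcher_icon) are
# hypothetical names; map them from your own MDM or inventory export.

PLAY_STORE = "com.android.vending"  # installer package name of Google Play

# Constructed sample inventory, not real device data.
INVENTORY = [
    {"package": "com.example.notes", "label": "Notes",
     "installer": PLAY_STORE, "device_admin": False, "launcher_icon": True},
    {"package": "com.example.workagent", "label": "Work Agent",
     "installer": PLAY_STORE, "device_admin": True, "launcher_icon": True},
    {"package": "com.example.torch", "label": "Torch",
     "installer": None, "device_admin": False, "launcher_icon": True},
    {"package": "com.example.fakeplayer", "label": "Flash Player",
     "installer": None, "device_admin": True, "launcher_icon": False},
]


def indicators(app):
    """Return the list of article-derived indicators that an app matches."""
    hits = []
    # Flash Player is discontinued on Android, so any app with this label is suspect.
    if "flash player" in app.get("label", "").lower():
        hits.append("flash-player-label")
    # The fake app was distributed through third-party stores.
    if app.get("installer") != PLAY_STORE:
        hits.append("not-from-play-store")
    # It keeps prompting until it is granted device admin rights.
    if app.get("device_admin", False):
        hits.append("device-admin")
    # After gaining admin rights it hides its icon.
    if not app.get("launcher_icon", True):
        hits.append("hidden-icon")
    return hits


def triage(inventory, threshold=3):
    """Flag apps with a Flash Player label or at least `threshold` indicators."""
    findings = []
    for app in inventory:
        hits = indicators(app)
        if "flash-player-label" in hits or len(hits) >= threshold:
            findings.append((app["package"], hits))
    # Most indicators first, so the strongest matches are reviewed first.
    return sorted(findings, key=lambda f: len(f[1]), reverse=True)


if __name__ == "__main__":
    for package, hits in triage(INVENTORY):
        print(package, ", ".join(hits))
```

A legitimate management agent holding device admin rights, or a single sideloaded utility, matches only one indicator and is not flagged; the threshold is an assumption to tune against your own fleet.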