- Date : 12/01/2018
- Read: 3 mins
A new phone malware is making the rounds, and it could steal your bank details. Here's what you should know about it.
Banks across the country have issued official warnings to their customers stating that their mobile bank credentials could be at risk of being stolen. A malware disguised as a Flash Player can attack mobile devices through unauthorised messages or pop-ups on websites.
An advisory by Quick Heal Security Labs follows the warning and states that they have detected an Android Banking Trojan that targets over 232 banking apps, including those offered by Indian lenders.
Related: Know your cheque [Infographic]
What is this malware?
Declared as Android.banker.A2f8a, the malware was detected previously as Android.banker.A9480. Nitin Bhatnagar from SISA information security fears that this operation is similar to that of a phishing website. The malware is known to work in the background of a computer system and send fake notifications resembling the ones you receive from banks. These are linked to counterfeit login screens transport users once they click on the application. Users are then tricked into filling confidential data which is stolen or could be used maliciously. The malware also blocks SMSs sent by banks and accesses one-time passwords.
What can you do to secure your information?
IDBI bank has issued some guidelines for people to protect their confidential details from this fraudulent misuse.
- Everyone is advised to adopt the best practices of using mobile banking in a more digitally secure manner. Download apps only from credible sources, and be cautious while visiting unfamiliar websites or clicking on links or pop-ups.
- You are also advised against using 'jailbroken' or 'rooted' mobiles for banking or online transactions. Jailbroken iPhones are quite vulnerable to malware and hacking. They allow you to install apps on your phone that are not a part of the official app store.
- Rooting an Android phone allows the user to make minute changes to the operating system, which could lead to the installation of malicious apps if you are careless.
Karur Vysya Bank has pointed out to users that Adobe Flash player is an inbuilt feature in Android mobile browsers since version 4.1, and official versions are not offered for download on Google Play Store. So, consumers need to be careful and not fall prey to any download options that they come across.
Nitin Bhatnagar adds that while there are no standards for mobile applications, there are essential practices for secure coding. He urges banks that procure apps from third-party vendors to ensure that these vendors provide every test report, indicating that they have followed the necessary payment application data security standards (PA-DSS).
A total of 232 banking apps have been targeted due to this.
Major banking apps that have been affected due to the Android Banking Trojan include Axis Mobile, HDFC Bank Mobile Banking, SBI Anywhere Personal, HDFC Bank Mobile Banking LITE, iMobile (ICICI Bank), IDBI Bank GO Mobile+, Abhay (IDBI Bank Ltd), IDBI Bank GO Mobile, IDBI Bank mPassbook, Baroda mPassbook, Union Bank Mobile Banking, Union Bank Commercial Clients and many more. The malware can also target cryptocurrency apps like Bitfinex, Bitcoinium, Bitcoin Ticker Widget, Bitcoin Price, BitCoin Wallet, Blockchain Merchant, Bitcoin and Ether Wallet, CoinMarketCapp among others.