A new Android Banking Trojan known as “Android.banker.A9480” has been discovered that targets over 232 banking apps including some of the Indian banks.
Discovered by Quick Heal Security Labs, the new Android banking malware is claimed to be designed for stealing login credentials, hijacking SMSs, uploading contact lists and SMSs on a malicious server.
Some of the banking apps said to be targeted by new Banking Trojan malware include Axis Mobile, HDFC Bank MobileBanking, SBI Anywhere Personal, HDFC Bank MobileBanking Lite, iMobile by ICICI Bank, IDBI Bank GO Mobile+, Abhay by IDBI Bank Ltd, IDBI Bank GO Mobile, Baroda mPassbook, Union Bank Mobile Banking, and Union Bank Commercial Clients.
List of Infected Apps.
Targeted Indian Banking Apps:
- Axis Mobile
- HDFC Bank MobileBanking
- SBI Anywhere Personal
- HDFC Bank MobileBanking LITE
- iMobile by ICICI Bank
- IDBI Bank GO Mobile+
- Abhay by IDBI Bank Ltd
- IDBI Bank GO Mobile
- IDBI Bank mPassbook
- Baroda mPassbook
- Union Bank Mobile Banking
- Union Bank Commercial Clients
Targeted Cryptocurrency Apps:
- Bitcoin Ticker Widget
- Bitcoin/Altcoin chart, alarm, ticker
- Flux Bitcoin Widget
- Bitcoin Price
- Crypto Prices All-in-One
- Blockchain – Bitcoin & Ether Wallet
- Blockchain Merchant
- WUBS Prepaid
- BTC.com – Bitcoin Wallet
- BTC SAFARI – Free Bitcoin
- Bitcoin Price IQ
- Bitcoin Wallet
- Blockfolio Bitcoin / Altcoin App
- Bitcoin Wallet by Freewallet
- Bitcoin NewsCrane
- Bitcoin CoinMarketCap.com (unofficial) / Altcoin
- Bitcoin Cash Wallet by Freewallet
- CoinMarketCapp – Blockchain Cryptocurrencies
- CryptoStory – Cryptocurrency Portfolio
- Dogecoin Wallet
We suggest you take several precautions in order to be safe from the Trojan/Phishing attack:
- Avoid installing untrusted Apps
- Check App permissions before installing any app
- Think thrice before granting admin access to an app
- Do not respond to any inappropriate or suspicious notifications
- DO NOT install Adobe Flash Player as the Android versions 4.0+ have it inbuilt on the device browser itself.
- Use reliable Antivirus tools and keep the device and Antivirus updated.
According to the QuickHeal report, the newly detected Trojan Tool is named as Android.banker.A9480 which uses Phishing method to attack the users. The app mostly comes with the skin of Adobe Flash Player, which is a quite ubiquitous and widely-installed tool in Android.
After the installation is done, the app prompts for granting administrative rights several times until the user allows the permission. Once the app gets permission, the app will search the device for any of the listed banking apps and shows a fake notification which resembles the Banking App notification. The notification directs the user to a fake login page which steals the username and password of the user.
Over 232 Banking Apps, Online Shopping Apps (Amazon, eBay, Airbnb, etc.) and several cryptocurrency related apps are targeted by this Trojan Virus.