Beware: Malicious Android application wants your banking credentials
There’s a new Android Trojan app targeting bank customers around the world. This malware masquerades as a Flash Player app and can steal your bank login credentials as well as target non-banking services such as Skype, LinkedIn, PayPal, and Facebook.
Another dangerous feature of this malware is that once admin rights are approved, the malware can send and receive text messages. This enables the attackers to bypass two-factor authentication systems that use SMS. (Two-factor authentication is an extra layer of security that requires not only a password and username but also something else that the user has or knows, such as a code from a physical token.)
Users are tricked into activating the malware via a Google Play Service screen that is actually a screen overlay. Once the app is downloaded, the user is asked to grant it admin rights to their device, which prevents the malware from being uninstalled. Once installed, the Flash Player icon isn’t visible to the user but the malware remains active in the background.
The malware then collects information about the device, sending it to a command and control (C&C) server. When targeting a banking application, the malware displays a screen overlay above the application, designed to look authentic. This behaves like a locked screen which requires the user to enter login credentials for their mobile banking apps. Once this is done, the malicious overlay closes. The malware focuses not only on mobile banking apps, but Google account credentials as well.
Users can also be asked to enter credit card data, which the attackers can verify through the C&C server. Once verified, the malware pops up a fake “Verified by Visa” or “MasterCard SecureCode” view, designed to capture the victim’s full card details.
Tips to help you:
- Be careful of apps downloaded from outside the Google or Apple app stores, which are generally safer. Take care with free apps, too.
- Be suspicious of any newly installed applications requiring your credit card information or user credentials.
- Keep your phone up to date: Remove unused or unneeded apps.
In most circumstances, users may remove the malware by disabling the administrator rights of the bogus Flash Player through Settings -> Security -> Device Administrators -> Google Play Service -> Deactivate, and then uninstalling “Flash Player.”