Android Trojan Targets Customers of 20 Major Banks


ESET experts warn of Android banking malware that can steal credentials – and even bypass two-factor authentication

MUMBAI, India – March 102016 – ESS Distribution, the leading provider of IT security solutions in Indian market, today announced that ESET researchers have discovered a strain of Android malware that can steal the login credentials of mobile banking users.

The malware, detected by ESET security systems as Android/Spy.Agent.SI, presents victims with a fake version of the login screen of their banking application and locks the screen until they enter their username and password. Using the stolen credentials, the thieves can then log in to the victim’s account remotely and transfer money out. They can even get the malware to send them all of the SMS text messages received by the infected device, and remove these.

This allows SMS-based two-factor authentication of fraudulent transactions to be bypassed, without raising the suspicions of the device’s owner“, explains Lukas Stefanko, ESET Malware Researcher who specializes in Android malware.

The Trojan spreads as an imitation of Flash Player application. After being downloaded and installed, the app requests Device administrator rights, to protect itself from being easily uninstalled from the device. After that, the malware checks if any target banking applications are installed on the device. If so, it receives fake login screens for each banking app from its command & control server. Then, once the victim launches a banking app, a fake login screen appears over the top of the legitimate app, leaving the screen locked until the victim submits their banking credentials.

This malware is subject to ongoing development. While its first versions were simple, and their malicious purpose easily identifiable, the most up-to-date versions feature better obfuscation and encryption.

The campaign discovered by ESET researchers targets major banks in Australia, New Zealand and Turkey. In fact, the 20 financial institutions currently targeted by the app include the largest retail banks in each of the three countries.

The attack has been massive and it can be easily re-focused to any another set of target banks,” warns Lukas Stefanko.

Additional details about the campaign, the malware used and – most importantly – how to remove this malicious application from devices can be found in Lukas Stefanko’s analysis on ESET’s official IT security blog, WeLiveSecurity.com.

# # #

About ESET

Since 1987, ESET® has been developing award-winning security software that now helps over 100 million users to Enjoy Safer Technology. Its broad security product portfolio covers all popular platforms and provides businesses and consumers around the world with the perfect balance of performance and proactive protection. The company has a global sales network covering 180 countries, and regional offices in Bratislava, San Diego, Singapore and Buenos Aires. For more information visit www.eset.com or follow us on LinkedIn, Facebook and Twitter.

About ESS Distribution Pvt. Ltd.

ESS Distribution Pvt. Ltd. provides a wide range of security solutions in Indian market designed to protect small, medium and large businesses, as well as individual users. The company offers a range of advanced IT security suits, data backup and recovery solutions, document recognition and data capture software, and various other solutions helping businesses of all scales organize the data and the intelligence effectively. The sales are executed through a vast network of Channel Partners across India. Since 2007, ESS Distribution Pvt. Ltd. had been supplying ESET products in Indian market. For more information, visit: www.esetnod32.in

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: