Millions of Android users have been targeted by a malware attack that steals banking and personal details and bypasses two-factor authentication.
Westpac, Commonwealth Bank, ANZ Bank and National Australia Bank customers are at serious risk of having their devices compromised by malware that hides in the background of the phone and activates when users open their banking apps. The malware then creates a fake login screen to steal usernames and passwords.
The malware hijacks the device by installing infected apps that ask for device administrator rights, which then give it access to all facets of the Android operating system.
Android/Spy.Agent.SI can then monitor all of the device’s data, including text messages, meaning that all banking-related two-factor authentication codes are forwarded to the hackers. With access to these credentials, cyber thieves can bypass all banking security measures and gain full control of their victims’ bank accounts instantly.
Business Insider reports that St. George Bank, Bankwest, Me Bank, ASB Bank, Bank of New Zealand, Kiwibank, Wells Fargo, Halkbank, Yapı Kredi Bank, VakıfBank, Garanti Bank, Akbank, Finansbank, Türkiye İş Bankası and Ziraat Bankası are all under threat.
The application is not available via Android’s official Google Play app store. The malware is downloaded directly via infected websites or bogus domains such as abobeflashplayer.com and flashplayeerupdate.com.
Last month, Palo Alto Networks reported 22 Android apps that belong to a new Trojan family called ‘Xbot’.
“It tries to steal victims’ banking credentials and credit card information via phishing pages crafted to mimic Google Play’s payment interface as well as the login pages of 7 different banks’ apps,” Palo Alto Networks said.
Currently, there are no documented Android/Spy.Agent.SI attacks. Users are advised, though, to be extra cautious when downloading apps from the web, particularly third-party apps not affiliated with the Google Play app store.
Devices infected with the malware will show ‘Flash Player’ in the list of Device Administrators on the phone. It is safe to remove ‘Flash Player’ from this list. The malware can be uninstalled via the Apps/Application manager once its device administrator rights are disabled.