Android Malware Leaves Mobile Banking Users Vulnerable

New details from ESET researchers, a Slovakia-based company, suggests that there is a new strain of Android malware that has the ability to compromise mobile banking users’ login credentials.

What the research group reports is this type of Trojan malware has the ability to provide users with a fake login screen on their mobile banking app that prompts users to enter their credentials as they normally do. The malware then steals the credentials and enables cybercriminals to have access to the victim’s bank account access, which they then can remotely transfer money from.

The research group even believes the hackers can use the malware to gain access to text messages from the device.

“This allows SMS-based two-factor authentication of fraudulent transactions to be bypassed, without raising the suspicions of the device’s owner,” said Lukáš Štefanko, an ESET Malware Researcher who specializes in Android malware.

This particular Trojan is spread using a Flash Player application imitation and gains rights to the device after the app requests device administrator rights. That step makes it difficult to uninstall it from the device. The malware then reviews the device for banking applications it can target and eventually pushes the fake login screen from its server. The fake login screen keeps the screen locked until the customer enters their banking credentials.

The researchers believe this targets 20 financial institutions across major banks in Australia, New Zealand and Turkey.

“The attack has been massive and it can be easily re-focused to any another set of target banks,” Štefanko said.