Commonwealth Bank, Westpac, National Australia Bank and ANZ Bank customers are all at risk from the malware which hides on infected devices waiting until users open their banking apps. The malware then overlay’s a fake login screen in order to make itself look legit whilst capturing usernames and passwords.
The malware is designed to mimic mobile banking apps from Australia and even New Zealand, as well as login screens for PayPal, eBay, Skype, WhatsApp and several Google services.
Apart from Australia’s Big Four banks, it targets a range of other financial institutions including Bendigo Bank, St. George Bank, Bankwest, ME Bank, ASB Bank, Bank of New Zealand, Kiwibank, to name a few.
Along with stealing login details, the malware can also intercept 2-step authentication codes sent to the phone via SMS — forwarding the code to hackers while hiding it from the owner of the phone. 2-step is a big Security factor in prevention of hackers gaining access as they require physical access to a device you keep with you. This has now been compromised.
Detected by ESET security systems as Android/Spy.Agent.SI, the malware sneaks onto Android devices by imitating the Adobe Flash Player application which many websites require in order to play streaming video. Once installed the app requests device administrator rights, checks for installed banking applications and then reports back to base in order to download the relevant fake login screens.
The infected Flash Player application does not come from Android’s official Google Play app store, instead phone users are tricked into installing via infected websites or bogus messages. To become infected Android owners must override the default security option and accept apps from unknown sources. The download comes from a range of bogus domains including flashplayeerupdate.com, adobeflashplaayer.com and adobeplayerdownload.com.
Google always enforce advise by saying to “install apps from trusted sources like Google Play”.
Infected Android devices include ‘Flash Player’ in the list of device administrators found under:
Settings > Security > Device Administrators menu
Attempts to remove Flash Player from this list generates a bogus alert warning that data may be lost, but it is safe, so continue by pressing OK. With its device administrator rights disabled it is possible to uninstall the malware via:
Settings > Apps/Application manager > Flash Player > Uninstall.
In some cases the malware overlay’s a fake warning over the Device Administration list to prevent deactivation. The solution is to restart the Android device in Safe Mode, which restarts the device with all installed apps disabled, preventing the malware from blocking access to the Device Administration list.
Please Note: Safe Mode is accessed in different ways on different devices, so consult your manual or support website.
The most important things to do is install Anti-Virus like Norton Mobile Security and never install things from places that are not trusted.
That’s it for now.
Comment & Share Below.
Thanks for reading.
See you on Technology News April 2016!