The first alarming news of the year is here. An Android malware strain is reportedly targeting over 232 banking apps, and the list includes quite a few Indian banks. According to Quick Heal Security Labs, this Trojan, named ‘Android.banker.A9480’, is mainly designed to steal personal data from users. Like other banking malware, it harvests login data, SMS messages and contact lists and uploads them to a malicious server. Apart from banking apps, the Trojan also targets cryptocurrency apps present on a user’s phone.
According to the list published by Quick Heal, the Indian banking apps targeted by the Android banking Trojan include Axis mobile, HDFC Bank MobileBanking, SBI Anywhere Personal, HDFC Bank MobileBanking LITE, iMobile by ICICI Bank, IDBI Bank GO Mobile+, Abhay by IDBI Bank Ltd, IDBI Bank GO Mobile, IDBI Bank mPassbook, Baroda mPassbook, Union Bank Mobile Banking, and Union Bank Commercial Clients.
How does this work?
Quick Heal also added that the Android.banker.A9480 malware is circulated via a fake Flash Player app on third-party stores. Flash Player is a popular lure for cybercriminals because of its prevalence. Once users have downloaded the malicious application, they get several prompts to activate admin rights, and the app keeps sending pop-ups to victims until the admin privileges are activated.
Once the app is installed on a smartphone, its icon is hidden when the user taps on it. The malicious app keeps working in the background, checking for any of the 232 banking apps. If it finds one of the targeted apps, it sends a fake notification that resembles one from the banking app. When users open this notification, they get a fake login window that the attackers then use to extract confidential data such as the login ID and password.
According to the blog posted by Quick Heal, the malware can also process commands such as sending and collecting SMS, uploading the contact list and location, displaying fake notifications, requesting accessibility and GPS permissions, and more. Since the malware can intercept incoming and outgoing SMS on an infected smartphone, it is also able to bypass the OTP-based two-factor authentication on the user’s bank account.
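The behaviours described above can be turned into a triage check over an installed-app inventory. This is an added example, not code from Quick Heal or the original article; the record schema, the package names and the threshold are constructed assumptions, while the permission names and the Google Play installer name are the real Android identifiers.

```python
# Added example: triage an app inventory for the behaviour pattern described above.
# The record schema, package names and threshold are constructed assumptions.
PLAY_STORE = "com.android.vending"  # installer package name of Google Play
SMS_PERMS = {"android.permission.READ_SMS", "android.permission.RECEIVE_SMS",
             "android.permission.SEND_SMS"}
DATA_PERMS = {"android.permission.READ_CONTACTS",
              "android.permission.ACCESS_FINE_LOCATION"}

def app(package, label, installer, admin, a11y, icon, perms):
    return {"package": package, "label": label, "installer": installer,
            "device_admin": admin, "accessibility": a11y,
            "launcher_icon": icon, "permissions": set(perms)}

# Constructed sample inventory (not real packages).
INVENTORY = [
    app("com.example.flashupdate", "Flash Player", None, True, True, False,
        SMS_PERMS | DATA_PERMS),
    app("com.example.messenger", "Messenger", PLAY_STORE, False, False, True,
        SMS_PERMS | {"android.permission.READ_CONTACTS"}),
    app("com.example.torch", "Torch", None, False, False, True, []),
]

def indicators(rec):
    """Return the indicators from the article that this record matches."""
    checks = [
        ("sideloaded", rec["installer"] != PLAY_STORE),
        ("flash-player-lure", "flash player" in rec["label"].lower()),
        ("device-admin", rec["device_admin"]),
        ("accessibility", rec["accessibility"]),
        ("hidden-icon", not rec["launcher_icon"]),
        ("sms-access", bool(rec["permissions"] & SMS_PERMS)),
        ("contacts-or-location", bool(rec["permissions"] & DATA_PERMS)),
    ]
    return [name for name, hit in checks if hit]

def triage(inventory, threshold=4):
    """Flag apps that can read SMS (OTP exposure) while holding device-admin or
    accessibility control, and that match at least `threshold` indicators."""
    flagged = {}
    for rec in inventory:
        found = indicators(rec)
        elevated = "device-admin" in found or "accessibility" in found
        if "sms-access" in found and elevated and len(found) >= threshold:
            flagged[rec["package"]] = found
    return flagged

if __name__ == "__main__":
    for package, found in triage(INVENTORY).items():
        print(package, "->", ", ".join(found))
```

The Play-installed messenger holds SMS permissions but is not flagged, because the check requires SMS access together with device-admin or accessibility control.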