Researchers working for the ESET security company, have uncovered a new trojan that’s targeting Android users in Australia, New Zealand and Turkey. The malware is trying to steal important login information for major banks and financial institutions, and then steal money out of those accounts.

Yesterday security researchers at ESET announced they were tracing a new type of malware that’s quickly spreading across Android devices. The piece of software originally gets on users’ phones by masquerading as Adobe’s Flash Player.

Once installed, the trojan looks for financial institution apps that may be installed on the user’s device. These include the major bank chains available in Australia, New Zealand and Turkey, as well as few social apps likes Skype. Once it identifies these apps it downloads fake login screens for each of them from its control and command (C&C) server.

The app performs a phishing attack by tricking users into writing their login information on a fake screen that it draws over the actual banking app. But what makes this software really dangerous is that is doesn’t stop there. Instead it waits for two-factor authentication messages, that many banking apps use, and then sends the security codes to its C&C server. With this, the criminals behind the software can get complete access to bank accounts, at least for a while.

The good news is that the trojan only affects devices that have installed apps from third party sources and it’s not in the actual Google Play Store. Those very, very few users using Android 6 Marshmallow should also get more protection against these types of attacks thanks to the extra permissions they’d need to give the app in Android M.

As usual, we recommend you always use the most recent OS version available for your device and download apps from safe sources that you trust.

Source: ESET Blog