Android Apps of Four Major Australian Banks Hijacked by Malware!

Westpac, National Australia Bank, ANZ Bank and Commonwealth Bank are four major Australian banks. The Android apps of these four banks have been hijacked by malware. With its help, cybercriminals are stealing two-step SMS codes from victims' devices. They are also stealing saved login credentials from those devices.

Android users who have installed these apps from third-party app stores are also victims of this scam. The authors of this malware are very smart and have used strong coding skills to design it. The malware hides itself among the device's other system files and waits until the user opens a legitimate banking application. It then superimposes a fake login page on the device's screen. The user thinks it is the login page of the legitimate bank app and enters their credentials. This is how the criminals capture victims' user names and passwords.

This malware is very dangerous, and it targets 20 applications of different banks in Australia, Turkey and New Zealand. It is also capable of superimposing fake login pages for eBay, PayPal, WhatsApp, Skype and many Google services. It also targets many financial institutions such as Bankwest, St. George Bank, Bendigo Bank, ASB Bank, Kiwibank, Wells Fargo, Garanti Bank, VakifBank, Halkbank, Finansbank, Turkiye Is Bankas, Akbank and many more.

This Malware Also Steals Two-Factor Authentication Codes

This malware is also able to intercept the two-factor authentication code that the bank's servers send to the phone as an SMS. After stealing this code, the malware forwards it to command and control (C&C) servers, where the hackers can read it. Using that code, hackers can access victims' accounts from anywhere in the world and transfer all the money out of the hacked accounts.

Nick FitzGerald, a senior researcher at ESET, said that this malware attack is a major attack on the banks of Australia and New Zealand. All security issues need to be fixed as soon as possible, because this should not be treated as a minor attack or problem. Hackers are very smart, and they are using different types of coding skills to design malware, so it is becoming difficult even for security experts to understand how it works.

At the moment, cybercriminals are targeting 20 major banking applications, but in the future they could design more complex malware to carry out bigger attacks.

How Is This Malware Getting onto Devices?

Security researchers at ESET discovered that this malware gets onto Android devices by posing as Adobe Flash Player. This is the only application that many websites require in order to play video clips on their webpages. If a user installs this Flash Player from a third-party website by clicking on a malicious link, the device is infected with the malware. Once on the device, the malware sends all login credentials to the hackers through specially designed servers (C&C servers).

This infected Adobe Flash Player does not come from the official “Google Play Store”. In fact, users have been tricked by hackers into downloading Adobe Player from their malicious websites. Hackers are using many bogus domains to target users. “adobeflashplaayer.com”, “adobeplayerdownload.com” and “flashplayerupdates.com” are some examples of these bogus websites.

Always install applications from a trusted app store such as “Google Play Store”.
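The bogus domains named above all combine Adobe/Flash brand words on a domain Adobe does not own, which is something a defender can look for in DNS or proxy logs. The following is an added example, not code from ESET or from this article: the log format, the allow-list, the token list and the sample lines are constructed assumptions, and the fuzzy match generalizes beyond the three listed domains to catch misspellings such as "plaayer".

```python
import re
from difflib import SequenceMatcher

ALLOWED_DOMAINS = ("adobe.com", "google.com")  # assumption: vendor-owned domains
BRAND_TOKENS = ("adobe", "flash", "player")    # assumption: words the lure relies on
LOG_RE = re.compile(r"^(\S+)\s+(\S+)\s+query\s+(\S+)$")  # constructed log format

# Constructed sample DNS log lines: timestamp, client IP, "query", hostname.
SAMPLE_LOG = [
    "2000-01-01T09:14:02Z 10.0.0.23 query adobeflashplaayer.com",
    "2000-01-01T09:14:09Z 10.0.0.23 query get.adobe.com",
    "2000-01-01T09:15:40Z 10.0.0.41 query flashplayerupdates.com",
    "2000-01-01T09:16:11Z 10.0.0.41 query flashcards.example",
    "2000-01-01T09:17:55Z 10.0.0.57 query adobeplayerdownload.com",
    "2000-01-01T09:18:03Z 10.0.0.57 query play.google.com",
]

def is_allowed(host):
    """True when host is an allow-listed domain or one of its subdomains."""
    return any(host == d or host.endswith("." + d) for d in ALLOWED_DOMAINS)

def token_in_label(token, label, threshold=0.85):
    """Exact substring match, or a near match in a sliding window (typos)."""
    if token in label:
        return True
    n = len(token)
    for size in (n - 1, n, n + 1):
        for i in range(len(label) - size + 1):
            window = label[i:i + size]
            if SequenceMatcher(None, token, window).ratio() >= threshold:
                return True
    return False

def brand_hits(host):
    """Brand tokens found in any label of the host, ignoring the TLD."""
    labels = host.split(".")[:-1]
    return sorted(t for t in BRAND_TOKENS
                  if any(token_in_label(t, lab) for lab in labels))

def suspicious_lookups(lines, min_hits=2):
    """Return (client, host, tokens) for non-allow-listed brand lookalikes."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue
        _, client, host = m.groups()
        host = host.lower().rstrip(".")
        if is_allowed(host):
            continue
        hits = brand_hits(host)
        if len(hits) >= min_hits:  # one token alone (e.g. "flashcards") is too noisy
            findings.append((client, host, hits))
    return findings
```

Calling `suspicious_lookups(SAMPLE_LOG)` returns the three lookalike hosts with the client that queried each, and skips the Adobe, Google and single-token lookups.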

How to Remove This Malware?

Settings > Security > Device Administrator menu.

When you try to uninstall Adobe Flash Player, a fake warning will appear, such as “By uninstalling this, Data Should be lost”. This warning is bogus, and you have to uninstall the malicious application anyway.

If you have disabled its administrator rights on your device, here is how to uninstall it:

Settings > Application Manager > Flash Player > Uninstall

Here you may see many bogus warnings about data loss, but you have to uninstall Adobe Player in order to keep your money safe from hackers.