Android malware targets bank and social media apps

Cybersecurity experts are warning about new Android malware that can steal the login credentials from 94 different mobile banking apps around the world.

  21 1 comment

Android malware targets bank and social media apps

Editorial

This content has been selected, created and edited by the Finextra editorial team based upon its relevance and interest to our community.

The malware masquerades as a Flash Player app that, once installed, appears in a phone launcher, says Fortinet. If a phone owner launches the app they see a fake Google Play screen asking for permissions that grant the malware administrator rights.

Then, when a banking app is opened, the malware creates a fake overlay, tricking victims into entering their login credentials. Among the bank apps being targeted are those of NAB, ING Direct and Citi, as well as PayPal.

In addition, the malware is also taking aim at social media apps. When users launch Facebook, Whatsapp, Snapchat, Twitter, Instagram and more, they are faced with a screen overlay asking for payment card details.

Meanwhile, due to its ability to intercept SMS communications, the malware is also able to bypass SMS-based two-factor authentication.

Fortinet says users can disable the device administrator rights through their phone settings and then uninstall the fake Flash Player.

Sponsored [Webinar] Money Mule Defence: Practical Applications and the Role of Technology

Comments: (1)

A Finextra member 

Would it not be useful if this story gave some examples of what the software might be called, so that we can look out for it?

[New Impact Study] Catering to a new generation through unified card programmesFinextra Promoted[New Impact Study] Catering to a new generation through unified card programmes