A large-scale malware hijacking threat has been discovered that’s capable of taking over Android phones and gaining access to users’ bank logins. Vulnerable banking apps include Westpac, Commonwealth Bank, St. George, National Australia Bank, Bankwest and ANZ. Here’s what you need to know.
Digital protection agency ESET has revealed that the majority of Android banking apps in Australia and New Zealand are at risk from a sophisticated new malware attack that is distributed through infected apps. Dubbed Android/Spy.Agent.SI, the malware locks down the victim’s phone when they open their banking app and redirects them to a fake login screen overlaid on top of the genuine app.
The fake app cannot be removed from the screen until login details are entered. Once armed with the user’s client number and password, the thieves can transfer money out of the account using their own devices.
Even more worryingly, the malware has a self-defence mechanism that prevents it from being uninstalled. The hacker is also granted administrator rights, which means they are free to hijack everything on the phone — including SMS, which allows the hackers to bypass two-factor authentication.
Business Insider reports that Westpac, Bendigo Bank, Commonwealth Bank, St. George Bank, National Australia Bank, Bankwest, Me Bank, ANZ Bank, ASB Bank, Bank of New Zealand, Kiwibank, Wells Fargo, Halkbank, Yapı Kredi Bank, VakıfBank, Garanti Bank, Akbank, Finansbank, Türkiye İş Bankası and Ziraat Bankası are all under threat.
“This is a significant attack on the banking sector in Australia and New Zealand, and shouldn’t be taken lightly,” said Nick FitzGerald, Senior Research Fellow at ESET.
“While 20 banking apps have been targeted so far, there’s a high possibility the e-criminals involved will further develop this malware to attack more banking apps in the future. Mobile malware is becoming more common and complex. Smartphone and tablet users should be aware of the ramifications of entering personal information into potentially fake login screens.”
Currently, no banks have reported real-world cases of Android/Spy.Agent.SI-related attacks, but that could all change very soon. Naturally, you are advised to be extra vigilant when downloading apps from the web and to refrain from logging into any app that cannot be removed from the screen.
If you recently enabled downloads from unknown sources and have added any Flash-based apps to your phone, you could be in immediate danger. If you suspect something is awry, try booting up your device in Safe mode and checking the Device Administration list for suspicious activity.
[Via Business Insider]