There’s a new piece of Android malware on the loose with a large appetite for banking apps, targeting over 232 of them. It was first discovered by Quick Heal Security Labs and now goes by the name Android.banker.A2f8a.
Android.banker.A2f8a gets into a person’s phone via a fake Flash Player application in third-party app stores. The official Adobe Flash player app hasn’t been around in the Play Store since Android 4.1 Jelly Bean, leaving a gap where a malicious hacker can step in.
Once Android.banker.A2f8a has been installed, it repeatedly asks the victim to activate administrative rights until they give in. The app then hides its icon and secretly checks which banking and cryptocurrency apps are installed on the device.
Once a target application has been found, Android.banker.A2f8a conjures up a fake notification that appears to come from the banking app. The user then gets fooled into entering their login data. The malware can even monitor all incoming and outgoing SMS messages, allowing it to bypass the OTP required for two-factor authentication on a person’s bank account.
The report claims that Android.banker.A2f8a can also upload contact lists and SMSes onto a malicious server and set the ringer volume to silent to prevent the victim from getting alerted to SMS notifications. Banks which are being targeted include HDFC Bank, Axis Bank, ICICI Bank, IDBI, SBI, Union Bank, and Bank of Baroda.
Quick Heal is advising Android smartphone owners to avoid downloading applications from untrustworthy third-party app stores and links distributed through SMSes and emails. It’s further recommending they verify app permissions even from the Play Store and keep ‘Unknown Sources’ disabled to stop installation of apps from sketchy sources.
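The permission check recommended above can be scripted for an APK before it is installed. This is an added example, not code from Quick Heal or the report: it assumes text in the style of `aapt dump badging` output, the sample inputs and package names are constructed, and the mapping from the described behaviours (SMS monitoring, contact upload) to Android permissions is an assumption, since the report lists no permissions.

```python
import re

# Assumption: permissions an app would need for the behaviours the report
# describes. The report itself does not name any permissions.
SMS_PERMS = {"android.permission.READ_SMS", "android.permission.RECEIVE_SMS"}
CONTACT_PERMS = {"android.permission.READ_CONTACTS"}

# Constructed samples in the style of `aapt dump badging` output.
SAMPLE_FAKE = """package: name='com.example.flashupdate' versionCode='1'
application-label:'Flash Player'
uses-permission: name='android.permission.INTERNET'
uses-permission: name='android.permission.READ_SMS'
uses-permission: name='android.permission.RECEIVE_SMS'
uses-permission: name='android.permission.READ_CONTACTS'
"""
SAMPLE_BENIGN = """package: name='com.example.notes' versionCode='7'
application-label:'Notes'
uses-permission: name='android.permission.INTERNET'
"""

def parse_badging(text):
    """Extract package name, label and requested permissions."""
    pkg = re.search(r"^package: name='([^']+)'", text, re.M)
    label = re.search(r"^application-label:'([^']*)'", text, re.M)
    perms = set(re.findall(r"^uses-permission: name='([^']+)'", text, re.M))
    return {"package": pkg.group(1) if pkg else None,
            "label": label.group(1) if label else "",
            "permissions": perms}

def triage(app):
    """Return (needs_review, findings) for one parsed app."""
    sms = bool(app["permissions"] & SMS_PERMS)
    contacts = bool(app["permissions"] & CONTACT_PERMS)
    # Flash Player has not been in the Play Store since Android 4.1, so an
    # app presenting itself under that name is a signal on its own.
    flash = "flash player" in app["label"].lower()
    findings = [text for hit, text in [
        (sms, "can read or receive SMS (OTP exposure)"),
        (contacts, "can read the contact list"),
        (flash, "uses the Flash Player name")] if hit]
    # SMS access alone is common; escalate when it is combined with another signal.
    return sms and (flash or contacts), findings

if __name__ == "__main__":
    for sample in (SAMPLE_FAKE, SAMPLE_BENIGN):
        app = parse_badging(sample)
        print(app["package"], triage(app))
```

Device administrator requests are declared on a receiver rather than as a `uses-permission` entry, so they do not show up in this listing and have to be checked separately.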