According to the researchers, the malware known as “Android.banker.A2f8a” is being distributed through a fake Flash Player app on third-party stores.

Published Date

05 – Jan – 2018

| Last Updated

05 – Jan – 2018

Android banking Trojan may target Indian banks' mobile apps: Quic...

Global IT security firm Quick Heal’s Security Labs on Thursday announced it has spotted an Android Banking Trojan that imitates more than 232 mobile apps, including those offered by Indian banks like SBI, HDFC, ICICI, IDBI and Axis, among others.


According to the researchers, the malware known as “Android.banker.A2f8a” is being distributed through a fake Flash Player app on third-party stores.


Requesting to grant device administrator rights

After downloading the app, it keeps checking for the installed apps on the victim’s device and particularly looks for the 232 banking and cryptocurrency apps. 


Once any of the targeted apps is found on the device, the app shows fake notifications disguised as coming from the targeted app and asks users to log in with their credentials and ultimately tricks them by stealing their login ID and password.


“Users are advised to avoid downloading apps from third party app stores or links provided in SMSs and emails to keep their credentials safe,” Sanjay Katkar, Joint Managing Director and Chief Technology Officer, Quick Heal Technologies Limited, said in a statement.


“It is also strongly advised to keep device OS and mobile security app up-to-date,” he added.


In the background, the app carries out malicious tasks — it keeps checking the installed app on the victim’s device and particularly looks for 232 apps (banking and some cryptocurrency apps).


If any one of the targeted apps is found on the infected device, the app shows a fake notification on behalf of the targeted banking app. If the user clicks on the notification, they are shown a fake login screen which enables stealing the user’s confidential info like net banking login ID and password.


“Install a reliable mobile security app that can detect and block fake and malicious apps before they can infect your device,” Quick Heal said.


‘).insertAfter(‘.inside-container p:eq(1)’); */
// $( ” ).insertAfter(‘.inside-container p:eq(0)’);
//});#}
//method to trunkate the text
function shorten(text, maxLength) {
var ret = text;
if (ret.length > maxLength) {
ret = ret.substr(0,maxLength-3) + “…”;
}
return ret;
}

$(function(){
//function to put utm on DontMiss links
/*if(isDesktop()){
$(‘div.dontMiss > a’).each(function(){
$(this).prop(‘href’, $(this).prop(‘href’)+’?utm_source=within_article&utm_medium=desktop&utm_campaign=related’);
//trunkate dont miss content
var sub = shorten($(this).html(),47);
$(this).html(sub);
});
}else{
$(‘div.dontMiss > a’).each(function(){
$(this).prop(‘href’, $(this).prop(‘href’)+’?utm_source=within_article&utm_medium=mobile&utm_campaign=related’);
});
}*/

//disabled method to append dontmiss links to page content by Mayank
/*$(‘div.dontMiss > a’).each(function(index){
//loop over each list item

// if(index%2 > 0){
// index = index – 1;
// }
if($(‘.inside-container > p:eq(‘+index+’)’).length){
if(isDesktop()){
$(‘.inside-container > p:eq(‘+((index * 2) + 1)+’)’).append(‘

Related: ‘ + $(this).html() + ‘‘ );
}else{
$(‘.inside-container > p:eq(‘+((index * 2) + 1)+’)’).append(‘

Related: ‘ + $(this).html() + ‘‘ );
}
}
});*/
$(‘div.dontMissArea’).hide();

/* if(isDesktop()) {
$(‘div.dontMissArea’).hide();
}else{
$(‘div.dontMissArea’).show();
} */

/*
* ga event tracking on page scroll start and end by Mayank
*/

// Debug flag
var debugMode = false;

// Default time delay before checking location
var callBackTime = 100;

// # px before tracking a reader
var readerLocation = 150;

// Set some flags for tracking & execution
var timer = 0;
var scroller = false;
var endContent = false;
var didComplete = false;

// Set some time variables to calculate reading time
var startTime = new Date();
var beginning = startTime.getTime();
var totalTime = 0;

// Get some information about the current page
var pageTitle = document.title;

// Track the aticle load — disabled
if (!debugMode) {
// ga(‘send’, ‘event’, ‘Reading’, ‘ArticleLoaded’, pageTitle, {‘nonInteraction’: 1});
// console.log(“ga(‘send’, ‘event’, ‘Reading’, ‘ArticleLoaded’, pageTitle, {‘nonInteraction’: 1}”);
} else {
alert(‘The page has loaded. Woohoo.’);
}

// Check the location and track user
function trackLocation() {
bottom = $(window).height() + $(window).scrollTop();
height = $(document).height();

// If user starts to scroll send an event
if (bottom > readerLocation && !scroller) {
currentTime = new Date();
scrollStart = currentTime.getTime();
timeToScroll = Math.round((scrollStart – beginning) / 1000);
if (!debugMode) {
ga(‘send’, ‘event’, ‘Reading’, ‘StartReading’, pageTitle, timeToScroll, {‘metric1’ : timeToScroll});
} else {
alert(‘started reading ‘ + timeToScroll);
}
scroller = true;
}

// If user has hit the bottom of the content send an event
if (bottom >= $(‘.inside-container’).scrollTop() + $(‘.inside-container’).innerHeight() && !endContent) {
currentTime = new Date();
contentScrollEnd = currentTime.getTime();
timeToContentEnd = Math.round((contentScrollEnd – scrollStart) / 1000);
if (!debugMode) {
if (timeToContentEnd = height && !didComplete) {
currentTime = new Date();
end = currentTime.getTime();
totalTime = Math.round((end – scrollStart) / 1000);
if (!debugMode) {
ga(‘send’, ‘event’, ‘Reading’, ‘PageBottom’, pageTitle, totalTime, {‘metric3’ : totalTime});
} else {
alert(‘bottom of page ‘+totalTime);
}
didComplete = true;
}
}

// Track the scrolling and track location
$(window).scroll(function() {
if (timer) {
clearTimeout(timer);
}

// Use a buffer so we don’t call trackLocation too often.
timer = setTimeout(trackLocation, callBackTime);
});
});

‘).insertAfter(“.inside-container p:eq(2)”);
}

});



Source link