When prompted for security permissions or login credentials while browsing through an app on their mobile phones, users have a tendency to enter the details required without a second thought. But what if doing this could lead to your sensitive data being compromised? If the latest alert from Quick Heal Security Labs is any indication, this is a very real possibility. Security experts at Quick Heal Security Labs have detected two sophisticated Android Banking Trojans that exploit this particular user behavior to gain access to confidential data. Detected as Android.Marcher.C and Android.Asacub.T, the trojans imitate notifications from popular social applications such as WhatsApp, Facebook, Skype, Instagram, and Twitter, as well as some of the leading banking apps in India.
According to the experts, Android.Marcher.C uses the Adobe Flash Player icon to look like a genuine app, while Android.Asacub.T mimics an Android Update icon. Whenever users access an app listed in the database of these trojans, they are tricked into entering sensitive information such as banking credentials, card details, and login IDs/passwords before they can continue using the app. By gaining access to incoming messages through administrative privileges, the trojans also allow hackers to bypass the two-factor OTP authentication typically used for securing online transactions in India.
Speaking about the newly-identified Android Banking Trojans, Sanjay Katkar, Co-founder & CTO – Quick Heal Technologies Limited, said, “Mobile is the most-used medium to access sensitive personal information, be it for banking, social, or online commerce, but Indian users often download unverified apps from third-party app stores and links sent through SMS and email. This gives hackers a lucrative opportunity to steal confidential information from unsuspecting users. The fact that we’ve detected three similar malware in less than six months indicates that hackers are now targeting mobile users, who are far more vulnerable to sophisticated phishing attacks.”
This is not the first time that Quick Heal Security Labs has detected such malware. The research and response division of Quick Heal Technologies, one of the leading providers of IT security solutions, had previously raised an alert in January 2018 about a similar Android Banking Trojan. Known as Android.banker.A2f8a, the malware was distributed through a fake Flash Player on third-party app stores and mimicked more than 232 banking and cryptocurrency apps.
Quick Heal recommends that Android users avoid downloading apps through third-party app stores or through links provided in SMS and email to protect themselves from Android Banking Trojans. It also advises keeping ‘Unknown Sources’ disabled at all times and verifying app permissions before installing any app from official stores. Users must also keep their Google Play Protect service always ‘ON’ and install a reliable mobile security app to detect and block fake/malicious apps, in addition to keeping their device OS and mobile security apps up-to-date.