Invisible Man, the new Android malware that steals bank data

The malware sneaks onto victims' devices via a fake Flash update and installs itself as the default SMS application

A new and dangerous Android malware is popping up again. According to a report by Sophos, a UK-based IT security expert, the virus is a variant of Svpeng, another well-known and fearsome malware, which has been discovered on devices running Google's mobile operating system.

And like Svpeng, it aims to steal personal data, including bank details.

The malware, once it has managed to penetrate Android devices, installs itself as the default SMS application. Using the same modus operandi as Svpeng, the malicious software asks the user to use accessibility services. If he gets them, the virus has total control over the infected smartphone. The malware, which has been given the name Invisible Man, when a user opens an app - such as one from the Play Store, overlays fake phishing screens in an attempt to trick users into entering their banking credentials.

How the malware affects you

Invisible malware, then, poses a serious threat to user data, which if affected can be tricked into handing over their account access keys, allowing hackers to clean out their online bank accounts in this way. The malware sneaks onto Android devices through a well-known ruse: a fake Flash update. Paradoxically, the virus exploits the security issues of the program, which has often been accused of vulnerabilities. As it is well known, Flash must always be kept up-to-date. In fact, users are asked to download a Flash update, which is obviously fake.

Invisible Man, therefore, strikes by exploiting users' naivety. If it manages to get into the devices, the virus steals a lot of confidential information, including, as we have seen, banking information. Its danger lies in the fact that victims might not be able to distinguish the windows that the malware superimposes on the banking apps.

How to Protect Yourself

As experts warn, you should never click on such requests. In fact, it is advisable to download updates only through the Google Play Store, avoiding unknown digital markets.

Then, it is good to be on your guard when some app asks you to access certain phone permissions. And remember not to click on suspicious links or banner ads.