The virus was discovered by researchers at Quick Heal Security Labs and reportedly also targets the PayPal, Amazon and Airbnb apps
2017 was a nightmare year for Android users. Google's mobile operating system has been targeted by hackers who develop new malware and viruses every day to take over smartphones and steal users' personal information. Despite the Mountain View company's efforts to curb the phenomenon, hackers are exploiting third-party app stores to release their malware.
Such is the case with the new banking malware discovered by researchers at Quick Heal Security Labs, who uncovered a virus targeting the Android apps of 232 banks. The malware, named "Android.banker.A9480", spreads through a fake Flash Player application hosted on a third-party store. When the user installs the app, along with the Flash Player they also get a virus that runs in the background and shows itself when they try to open a banking app. Here's how "Android.banker.A9480" works and how to defend against it.
How the banking malware works
Once downloaded, the malicious Flash Player app asks the user for a long list of permissions (which should already be a warning sign): GPS, contacts, SMS, camera and microphone. If the user tries to deny them, the application keeps showing permission pop-ups over and over. Once all permissions are granted and the application is installed, the virus can start operating. When the user opens a banking app, instead of the app's home page the malware displays a fake login page on the screen in order to steal the user's credentials. In this respect, "Android.banker.A9480" works no differently from other malware launched on Android so far.
According to the researchers, besides targeting banking apps, the malware is also dangerous for shopping apps such as PayPal, Amazon, Airbnb and eBay, as well as for cryptocurrency apps, the new sector that hackers are targeting to make easy money. In addition to app login credentials, the virus also collects information from SMS messages (allowing hackers to bypass two-factor authentication) and through the device's GPS.
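The permission pattern described above can be checked in an app's manifest before it is installed. The following is an added example, not code from Quick Heal or from the original article: it flags an app whose decoded AndroidManifest.xml requests SMS access together with most of the other permission groups the article lists. The sample manifests, package names and the four-group threshold are constructed assumptions.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Permission groups named in the article, mapped to standard Android permissions.
GROUPS = {
    "location": {"android.permission.ACCESS_FINE_LOCATION",
                 "android.permission.ACCESS_COARSE_LOCATION"},
    "contacts": {"android.permission.READ_CONTACTS"},
    "sms": {"android.permission.READ_SMS", "android.permission.RECEIVE_SMS"},
    "camera": {"android.permission.CAMERA"},
    "microphone": {"android.permission.RECORD_AUDIO"},
}

def requested_groups(manifest_xml):
    """Return the article's permission groups that a decoded manifest requests."""
    root = ET.fromstring(manifest_xml)
    perms = {el.get(ANDROID_NS + "name") for el in root.iter("uses-permission")}
    return {group for group, names in GROUPS.items() if perms & names}

def assess(manifest_xml, threshold=4):
    """Flag an app that reads SMS and spans `threshold` or more groups.
    The threshold is an assumption chosen for this example, not a published rule."""
    groups = requested_groups(manifest_xml)
    return {"groups": sorted(groups),
            "sms_access": "sms" in groups,
            "suspicious": "sms" in groups and len(groups) >= threshold}

def _manifest(package, permissions):
    """Build a constructed AndroidManifest.xml (text form) for the demo."""
    uses = "".join('<uses-permission android:name="android.permission.%s"/>' % p
                   for p in permissions)
    return ('<manifest xmlns:android="http://schemas.android.com/apk/res/android" '
            'package="%s">%s</manifest>' % (package, uses))

# Constructed samples: a "player" asking for everything the article lists,
# and an ordinary player that only needs network access.
FAKE_PLAYER = _manifest("com.example.flashplayer",
                        ["ACCESS_FINE_LOCATION", "READ_CONTACTS", "READ_SMS",
                         "RECEIVE_SMS", "CAMERA", "RECORD_AUDIO", "INTERNET"])
PLAIN_PLAYER = _manifest("com.example.videoplayer", ["INTERNET", "WAKE_LOCK"])

if __name__ == "__main__":
    for name, xml in (("fake player", FAKE_PLAYER), ("plain player", PLAIN_PLAYER)):
        print(name, assess(xml))
```

The manifest inside an APK is stored as binary XML, so it has to be decoded to text (for example with apktool) before it can be parsed this way.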
How to defend yourself against the banking virus
The list of 232 banks doesn't seem to include any that operate in the Italian market, so users in Italy should be safe from this virus. Another thing to keep in mind is that Flash Player is an application no longer used by either software houses or users, because of its security issues.
To defend yourself against this kind of banking malware, in most cases you just need to be careful: never download applications from outside the Google Play Store. Third-party stores are a hacker's paradise, where viruses and malware can be hidden inside apps without anyone checking. Google's online store, on the other hand, has protections that repel any fraudulent attempts by hackers.