Sophisticated Malware Attack Hijacking Australian Banking Apps on Android Phones

Brief Analysis:
Cybercriminals are targeting customers of several Australian banks who use banking apps on Android phones to access their accounts. The attack is perpetrated via sophisticated malware that can hijack the genuine bank apps on the phones, thereby stealing account login details and even two-factor authentication codes. The malware gets onto Android phones by tricking users into installing what they believe is the Adobe Flash Player application. It arrives via compromised websites and fake update messages. It is important that you only download Android applications from trusted sources such as Google Play.

Detailed Analysis:
Cybersecurity experts are warning Android phone users about a quite sophisticated malware attack that is targeting customers of several Australian banks, including the ‘Big Four’: Commonwealth, ANZ, National Australia, and Westpac.

The malware is infecting phones by masquerading as the Adobe Flash Player application. Information about the attack on security firm Eset’s website notes:

The Trojan spreads as an imitation of Flash Player application. After being downloaded and installed, the app requests Device administrator rights, to protect itself from being easily uninstalled from the device. After that, the malware checks if any target banking applications are installed on the device. If so, it receives fake login screens for each banking app from its command & control server. Then, once the victim launches a banking app, a fake login screen appears over the top of the legitimate app, leaving the screen locked until the victim submits their banking credentials.

The malware can even intercept two-factor authentication codes sent via SMS to the infected phone. It can therefore steal not only the user’s bank login details but also the authentication code, allowing the criminals to easily hijack the victim’s bank account.

It should be noted that the malware is targeting customers of a number of smaller Australian and New Zealand-based banks as well as the Big Four. It is also targeting customers of some Turkish banks, and the list of targeted financial institutions may grow over time.

The malware is spread via compromised websites and messages urging users to download the fake Flash Player.

It is important that Android users only download applications from trusted sources such as Google Play. Eset has published a technical analysis of the threat along with instructions for removing the malware should your phone be infected.

Last updated: March 14, 2016
First published: March 14, 2016
By Brett M. Christensen