Home Malware Sophisticated Malware Attack Hijacking Australian Banking Apps on Android Phones

Sophisticated Malware Attack Hijacking Australian Banking Apps on Android Phones

by Brett M. Christensen

Brief Analysis:
Cybercriminals are targeting customers of several Australian banks who use banking apps on Android phones to access their accounts. The attack is perpetrated via sophisticated malware that can hijack the genuine bank apps on the phones, thereby stealing account login details and even two factor authentication codes.  The malware is getting on to Android phones by tricking users into installing what they believe is the Adobe Flash Player application.  The malware comes via compromised websites and fake update messages. It is important that you only download Android applications via trusted sources such as Google Play.

Australian Bank Malware

Detailed Analysis:
Cybersecurity experts are warning Android phone users about a quite sophisticated malware attack that is targeting customers of several Australian banks, including the ‘Big Four’, Commonwealth, ANZ, National Australia, and Westpac.

The malware is infecting phones by masquerading as the Adobe Flash Player application. Information about the attack on security firm Eset’s website notes:

The Trojan spreads as an imitation of Flash Player application. After being downloaded and installed, the app requests Device administrator rights, to protect itself from being easily uninstalled from the device. After that, the malware checks if any target banking applications are installed on the device. If so, it receives fake login screens for each banking app from its command & control server. Then, once the victim launches a banking app, a fake login screen appears over the top of the legitimate app, leaving the screen locked until the victim submits their banking credentials.

The malware can even intercept two-factor authentication codes sent via SMS to the infected phone.  Thus, the malware can not only steal the user’s bank login details but also grab the authentication code, thus allowing the criminals to easily hijack the victim’s bank account.

It should be noted that the malware is targeting customers of a number of smaller Australian and New Zealand based banks as well as  the Big Four. It is also targeting customers of some Turkish banks. And, the list of targeted financial institutions may grow over time.

The malware is spread via compromised websites and messages urging users to download the fake Flash Player.

It is important that Android users only download applications from trusted sources such as Google Play. Eset has published a technical analysis of the threat along with instructions for removing the malware should your phone be infected.

Last updated: March 14, 2016
First published: March 14, 2016
By Brett M. Christensen
About Hoax-Slayer

Malware hijacks big four Australian banks’ apps, steals two-factor SMS codes
Android bank app users targeted in sophisticated cybercrime attack
Android banking trojan masquerades as Flash Player and bypasses 2FA
Android Trojan Targets Customers of 20 Major Banks
Malware Threat Articles


Importance Notice

After considerable thought and with an ache in my heart, I have decided that the time has come to close down the Hoax-Slayer website.

These days, the site does not generate enough revenue to cover expenses, and I do not have the financial resources to sustain it going forward.

Moreover, I now work long hours in a full-time and physically taxing job, so maintaining and managing the website and publishing new material has become difficult for me.

And finally, after 18 years of writing about scams and hoaxes, I feel that it is time for me to take my fingers off the keyboard and focus on other projects and pastimes.

When I first started Hoax-Slayer, I never dreamed that I would still be working on the project all these years later or that it would become such an important part of my life. It's been a fantastic and engaging experience and one that I will always treasure.

I hope that my work over the years has helped to make the Internet a little safer and thwarted the activities of at least a few scammers and malicious pranksters.

A Big Thank You

I would also like to thank all of those wonderful people who have supported the project by sharing information from the site, contributing examples of scams and hoaxes, offering suggestions, donating funds, or helping behind the scenes.

I would especially like to thank David White for his tireless contribution to the Hoax-Slayer Facebook Page over many years. David's support has been invaluable, and I can not thank him enough.

Closing Date

Hoax-Slayer will still be around for a few weeks while I wind things down. The site will go offline on May 31, 2021. While I will not be publishing any new posts, you can still access existing material on the site until the date of closure.

Thank you, one and all!

Brett Christensen,