Android users who use banking apps on their devices could be at risk of malware.
Malware is short for malicious software and is designed to gain access or damage a device without the knowledge of the owner. Generally, software is considered malware based on the intent of the creator rather than its actual features.
This particular malware hides on an infected device until the user opens a legitimate banking app. It then superimposes a fake login screen over the top to capture usernames and passwords.
The malware is already targeting over 20 major banks in Australia, New Zealand and Turkey.
Thanks to its ability to intercept SMS communications, the malware is also able to bypass SMS-based two-factor authentication. With this information, thieves can log in to the banking app from anywhere in the world and transfer funds.
ESET detected the malware and found it was imitating Adobe Flash Player, which is a common application that many websites require to stream videos. Once the fake Flash application is installed, it requests administrator rights, checks for installed banking applications and then sends the information back to base to download the matching fake login screen.
The malware attack has evolved over time, becoming more sophisticated as hackers update the software to defeat security countermeasures, says ESET senior research fellow Nick FitzGerald.
"This is a significant attack on the banking sector in Australia and New Zealand, and shouldn't be taken lightly," FitzGerald says.
"While 20 banking apps have been targeted so far, there's a high possibility the e-criminals involved will further develop this malware to attack more banking apps in the future."
The fake Flash Player app does not come from the official Google Play store. Instead, phone users are tricked into thinking it’s a legitimate app via websites or popups.
For the malware to work, users must override the default security option and accept apps from unknown sources.
A Google spokesperson warned against allowing your phone to install any applications downloaded from the web.
"It's important to only install applications from sources you trust, such as Google Play," the spokesperson said.
"Over 1 billion devices are protected with Google Play, which conducts 200 million security scans of devices per day."
To find out if your Android device is infected, go to Settings > Security > Device Administrators. If you see an app called Adobe Flash Player in this menu, remove it immediately. It will generate a fake warning about data being lost, but it is safe to disable. Once this has been completed, uninstall the malware via Settings > Apps/Application Manager > Flash Player > Uninstall.
In some cases the malware superimposes a fake warning over the Device Administration list to prevent deactivation. The solution is to restart the Android device in Safe Mode, which restarts the device with all installed apps disabled, preventing the malware from blocking access to the Device Administration list.
To prevent an attack like this in the future, make sure you NEVER override the default security option to accept apps from unknown sources and always download apps from the official Google Play Store.
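The manual check above can also be run over a whole fleet of devices. The following is an added example, not code from ESET or Google: it flags device administrators that are third-party apps not installed by Google Play. It assumes the text was captured with `adb shell dumpsys device_policy` and `adb shell pm list packages -3 -i`; the sample output and the `com.example.*` package names are constructed, and the exact dumpsys layout varies between Android versions.

```python
import re

PLAY_STORE = "com.android.vending"  # installer package name of Google Play

# Constructed sample of `adb shell dumpsys device_policy` (layout varies by Android version).
SAMPLE_DUMPSYS = """\
Current Device Policy Manager state:
  Enabled Device Admins (User 0, provisioningState: 0):
    com.google.android.gms/.mdm.receivers.MdmDeviceAdminReceiver:
      uid=10012
    com.example.flashplayer/.AdminReceiver:
      uid=10145
    com.example.mailclient/.PolicyReceiver:
      uid=10102
"""

# Constructed sample of `adb shell pm list packages -3 -i` (third-party apps and their installer).
SAMPLE_PACKAGES = """\
package:com.example.flashplayer  installer=null
package:com.example.mailclient  installer=com.android.vending
package:com.example.game  installer=null
"""

def parse_device_admins(dumpsys_text):
    """Return package names of active device administrator components."""
    admins = []
    for line in dumpsys_text.splitlines():
        # Admin entries look like "<package>/<receiver class>:" on an indented line.
        m = re.match(r"^\s+([A-Za-z0-9_.]+)/[A-Za-z0-9_.$]+:\s*$", line)
        if m and m.group(1) not in admins:
            admins.append(m.group(1))
    return admins

def parse_installers(pm_text):
    """Map each third-party package to its installer (None when there is none)."""
    installers = {}
    for line in pm_text.splitlines():
        m = re.match(r"^package:(\S+)\s+installer=(\S+)\s*$", line.strip())
        if m:
            installers[m.group(1)] = None if m.group(2) == "null" else m.group(2)
    return installers

def suspicious_admins(dumpsys_text, pm_text):
    """Device admins that are third-party apps not installed by Google Play."""
    installers = parse_installers(pm_text)
    # Preinstalled system admins are absent from the -3 listing and are skipped.
    return [p for p in parse_device_admins(dumpsys_text)
            if p in installers and installers[p] != PLAY_STORE]

if __name__ == "__main__":
    for pkg in suspicious_admins(SAMPLE_DUMPSYS, SAMPLE_PACKAGES):
        print("review and deactivate device admin:", pkg)
```

A flagged package is a candidate for review, not proof of infection: legitimately sideloaded management apps will also appear.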
Westpac, Bendigo Bank, Commonwealth Bank, St. George Bank, National Australia Bank, Bankwest, Me Bank, ANZ Bank, ASB Bank, Bank of New Zealand, Kiwibank, Wells Fargo, Halkbank, Yapı Kredi Bank, VakıfBank, Garanti Bank, Akbank, Finansbank, Türkiye İş Bankası and Ziraat Bankası.