New malware scam targets Aussie mobile banking apps

A new scam has been detected that targets users of Aussie mobile banking apps.


Sophisticated malware that can steal passwords and bypass two-factor authentication is currently targeting users of Australian mobile banking apps.

The virus specifically infects Android phones, with customers of the big four banks, Commonwealth Bank, ANZ, Westpac and the National Bank of Australia, the main targets. However, BankWest, Bendigo Bank, St George Bank, Bank of New Zealand, Wells Fargo and Kiwibank are also among those considered vulnerable.

The malware, discovered by antivirus pioneers ESET, overlays a fake login screen on top of the legitimate banking application when the customer opens it, so the victim believes they are signing in to their own bank's app.

Customers are then asked to enter their passwords, after which the malware creators use the stolen credentials to access the accounts and move money out of them remotely.

The thieves can also intercept two-factor authentication, which would usually protect customers from these types of scams.

“This allows SMS-based two-factor authentication of fraudulent transactions to be bypassed, without raising the suspicions of the device’s owner,” said ESET researcher Lukas Stefanko. “The attack has been massive and it can be easily refocused to any other set of target banks.”

The malware spreads through an imitation Flash Player app, which would most likely have been downloaded by an unwitting customer from an untrustworthy source.

“It’s an ongoing problem with Android devices, because of the open source nature of the platform ... There’s been a number of malware aimed at banking apps,” said cyber security expert Matthew Warren.

Apple users can only download apps from the App Store, whereas Android users can download them from anywhere.

Mr Warren suggests that Android users should install antivirus or malware protection software, especially if they’re using their device to access banking details.

If you think you are infected by the malware, you can remove it from the device by going to Settings > Security > Device administrators > Flash Player > Deactivate.

You can then uninstall the offending Flash Player app.
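The removal steps above work through the phone's Settings menu. For anyone triaging a device over USB instead, the same check can be done from a workstation with adb: list the apps that currently hold device-administrator rights and flag any that are not expected to. The script below is an added example, not code from the article or from ESET. The dumpsys text it parses is a constructed sample that mimics the output of `adb shell dumpsys device_policy`, the allowlist is a constructed placeholder, and `com.fake.flashplayer` stands in for the malware's real package name, which the article does not give.

```shell
#!/bin/sh
# Added example, not from the article or from ESET: triage the list of active
# Android device administrators so an unexpected one (such as an app calling
# itself "Flash Player") stands out. Input is the output of
# `adb shell dumpsys device_policy`; the sample below is CONSTRUCTED to mimic
# that format, and com.fake.flashplayer is a placeholder, not the real name
# of the malware's package.

SAMPLE_DUMPSYS='Current Device Policy Manager state:
  Enabled Device Admins (User 0, provisioningState: 0):
    com.android.email/.SecurityPolicy:
      uid=10034
      testOnly=false
    com.fake.flashplayer/.AdminReceiver:
      uid=10187
      testOnly=false
  Password history length: 0'

# Packages expected to hold device-admin rights on this device (CONSTRUCTED
# allowlist; a fleet owner would fill this from their MDM or mail client).
ALLOWLIST='com.android.email com.google.android.gms'

# Print the package name of every enabled device admin in the dumpsys text.
# Admin entries are 4-space-indented component names of the form pkg/.Class:
# and the block ends at the next line indented by only two spaces.
list_active_admins() {
    printf '%s\n' "$1" |
        awk '/Enabled Device Admins/ { inblock = 1; next }
             inblock && /^    [A-Za-z0-9_.]+\/[^ :]+:$/ {
                 sub(/^ +/, ""); sub(/\/.*$/, ""); print; next }
             inblock && /^  [^ ]/ { inblock = 0 }'
}

# Print admins absent from the allowlist: candidates for the article's
# Settings > Security > Device administrators > Deactivate step.
flag_unknown_admins() {
    for pkg in $(list_active_admins "$1"); do
        case " $ALLOWLIST " in
            *" $pkg "*) ;;                 # known, expected admin
            *) printf '%s\n' "$pkg" ;;     # unexpected admin: inspect
        esac
    done
}

# For each flagged package, print the adb follow-up an analyst would run.
# `pm uninstall` is refused while the package is still an active admin, so
# the device-administrator right must be deactivated first (in Settings, as
# the article describes); the dumpsys check afterwards confirms it is gone.
print_cleanup_steps() {
    flag_unknown_admins "$1" | while IFS= read -r pkg; do
        printf '# %s holds device-admin rights and is not on the allowlist\n' "$pkg"
        printf 'adb shell dumpsys package %s | grep -E "versionName|installerPackageName"\n' "$pkg"
        printf '# deactivate it under Settings > Security > Device administrators, then:\n'
        printf 'adb shell pm uninstall %s\n' "$pkg"
        printf 'adb shell dumpsys device_policy | grep -c %s   # expect 0\n' "$pkg"
    done
}

# Use a connected device when adb is available, otherwise the constructed sample.
DUMP=$(adb shell dumpsys device_policy 2>/dev/null) || DUMP=$SAMPLE_DUMPSYS
print_cleanup_steps "$DUMP"
```

The installer check is the useful part for this particular case: a banking-overlay app that arrived as a sideloaded "Flash Player" will typically show no `installerPackageName` from the Play Store, which is the same warning sign the article points to when it says the app came from an untrustworthy source.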

Have you been affected by this malware? How did you find out?

Read more at Business Insider

    11th Mar 2016
    I never do my banking from my mobile phone, that's really asking for trouble
    Young Simmo
    11th Mar 2016
    bubby, I have to disagree, we have been using Net Bank since about 2000 and not a single problem. If you use it properly it is foolproof. We pay our bills and top up our $500 Visa Card etc, etc. By going in daily we have the latest info, instead of waiting 3 or 4 weeks for a statement to find something wrong. Yes the $500 Visa means others cannot steal $1000s and if we want to use it for something costing 2 or 3 thousand we just top it up with Net-Bank.
    Life is a breeze.
    11th Mar 2016
    Does this threat apply to users of Android tablets?
    Now I'm scared to open up or do any banking online.
    Is AVG good enough?
    11th Mar 2016
    In a word, YES it does apply to tablets. AVG is ok but you probably want to look at the paid-for version not just the free version. And always make sure you open sites in a safe/secure mode. Look for the https:// in the url with a padlock symbol if transacting. And never use public wifi for financial transactions either.
    11th Mar 2016
    Thanks, KSS. You're a pal.
    11th Mar 2016
    Went to the bank this 'arvo' and they weren't aware of any scam ..... !!!
    11th Mar 2016
    Time to go back to cash....??
    11th Mar 2016
    never use my mobile for banking. too risky
    12th Mar 2016
    The "Stay Smart" website run by the federal government rates this scam as "High Priority Alert"

