Sophisticated malware that can steal passwords and bypass two-factor authentication is currently targeting users of Australian mobile banking apps.
The virus specifically infects Android phones, with customers of the big four banks, Commonwealth Bank, ANZ, Westpac and the National Bank of Australia, the main targets. However, BankWest, Bendigo Bank, St George Bank, Bank of New Zealand, Wells Fargo and Kiwibank are also among those considered vulnerable.
The malware, discovered by antivirus pioneers ESET, presents victims with a fake login screen that appears when they open their legitimate banking application.
Customers are then asked to enter their passwords, after which the malware creators steal customer details and the money from their accounts remotely.
The thieves can also intercept two-factor authentication, which would usually protect customers from these types of scams.
“This allows SMS-based two-factor authentication of fraudulent transactions to be bypassed, without raising the suspicions of the device’s owner,” said ESET researcher Lukas Stefanko. “The attack has been massive and it can be easily refocused to any other set of target banks.”
The malware spreads through an imitation Flash Player app, which would most likely have been downloaded by an unwitting customer from an untrustworthy source.
“It’s an ongoing problem with Android devices, because of the open source nature of the platform … There’s been a number of malware aimed at banking apps,” said cyber security expert Matthew Warren.
Apple users can only download apps from the Apple Store, whereas Android users can download them from anywhere.
Mr Warren suggests that Android users should install antivirus or malware protection software, especially if they’re using their device to access banking details.
If you think you are infected by the malware, you can remove it from the device by going to Settings > Security > Device administrators > Flash Player > Deactivate.
You can then uninstall the offending Flash Player app.
Read more at Business Insider