If you are using banking or cryptocurrency apps on your mobile phone, you need to read on. An Android Banking Trojan called Flash Player has affected over 232 banking apps, many of which are mobile apps of prominent Indian public as well as private banks. Android mobile phone users having third party app stores - an online app market to install apps, just like Google Play but not owned by Android OS or Google - run the risk of accidentally downloading this malware, putting confidential security details like netbanking customer id and password at risk. Links to download this can also come through spam emails or SMS.
The malware targets through a simple but hideous process: it enters your mobile phone through a fake Flash Player (picture below). Its striking similarity to Adobe Flash can trick people into downloading it. Once installed, you have no option but to give it administrative rights as the malware will keep on popping up until you allow it to access your mobile phone details. The app automatically hides in the background and keeps track of all activities on your mobile device.
In a report published on Quickheal Security Labs, the malware can affect as many as 232 banking as well as cryptocurrency apps world over. As soon as it tracks activity on any of these apps, the Trojan generates fake notification on your mobile screen asking confidential security details. If Flash Player malware tracks a banking app, it seeks your customer id and password details.
Targeted banking, cryptocurrency apps
Major banking apps targeted due to the Android Banking Trogan are Axis Mobile, HDFC Bank Mobile Banking, SBI Anywhere Personal, HDFC Bank Mobile Banking LITE, iMobile by ICICI Bank, IDBI Bank GO Mobile+, Abhay by IDBI Bank Ltd, IDBI Bank GO Mobile, IDBI Bank mPassbook, Baroda mPassbook, Union Bank Mobile Banking, Union Bank Commercial Clients. The malware can also target through cryptocurrency apps like Bitfinex, Bitcoinium, Bitcoin Ticker Widget, Bitcoin Price, BitCoin Wallet, Blockchain Merchant, Bitcoin and Ether Wallet, CoinMarketCapp among others.
Data breach is a huge online security threat with most cyber crime victims being big businesses and financial organizations. As per Quickheal, more than 1,200 incidents of malware affecting computing as well as mobile devices were reported in 2017 alone.
Adobe Flash Player is used for streaming multimedia files, including audio, video, and rich internet apps, on mobile as well as computer devices. The Adobe Flash Player comes inbuilt in latest mobile phones. As per Quickheal, Adobe Systems have discontinued Adobe Flash Player after the Android 4.1 version.
Keep mobile phone away from trouble's way
- Use Google PlayStore to download apps. Third party stores may offer free download for paid apps but they can put your device at risk.
- Don't download apps through SMSs or emails. Spam email can direct you to third-party stores or unknown resources.
- Install an authentic mobile security app that can detect fake apps or malwares.
- If you are using Outlook email and you have turned on image preview option, disable it.
- Don't use websites that distributes Trojan files or malwares.