It isn’t easy being an Android owner down here in Australia, or even in New Zealand, as customers of the major banks are being targeted by a nasty piece of malware.

There’s never been a better time to grab one of the free mobile security apps on Android, or even one of the paid ones, especially now that mobile banking is under threat from a particularly nasty piece of software that poses as the login screen for a bank you use in order to hijack your credentials and send them to a cybercriminal.

Security company ESET has picked up on an app that does exactly this, with the app pretending to be a copy of Adobe’s Flash Player for Android, which doesn’t exist anymore, much like Internet Explorer for Mac. In both of these cases, if you go looking for them and “find them”, chances are you’ll be downloading a virus of some kind.

And that’s what this fake version of Flash is, with the malware coming from a random location and running in the background once installed. From this point, the fake Flash sends device information to a server without your permission, gathering the names of applications installed on your device and sending this list to someone on the other end.

If you have an app that this scam can attack, it will, and once it knows you have an app from, say, St George, ANZ, or Westpac, it will load up a login screen on your phone pretending to be that bank.

Here’s the kicker: while the overlay isn’t terribly convincing, you can’t actually get out of the login screen without entering your details, making it the sort of thing people will follow regardless of whether they believe it or not.


When the details are entered, however, they’re sent to a server without your permission, and the login screen will close, as your details are transmitted into the ether and your bank accounts broken into not long after.