It isn’t easy being an Android owner down here in Australia, or even in New Zealand, as customers of the major banks become threatened by a nasty piece of malware.
There’s never been a better time to grab one of the free mobile security apps on Android, or even one of the paid ones, especially now that mobile banking is under threat from a particularly nasty piece of software that attempts to pose as the login for a bank you use to hijack your credentials and send them to a cybercriminal.
Security company ESET has picked up on an app that does exactly this, with the app pretending to be a copy of Adobe’s Flash Player for Android, which doesn’t exist anymore, much like Internet Explorer for Mac. In both of these cases, if you go looking for them and “find them”, chances are you’ll be downloading a virus of some kind.
And that’s what this fake version of Flash is, with the malware coming from a random location and running in the background once installed. From this point, the fake Flash sends device information to a server without your permission, gathering the names of applications installed on your device and sending this list to someone on the other end.
If you have an app that this scam can attack, it will, and once it knows you have an app of say St George, ANZ, or Westpac, it will load up a login screen on your phone pretending to be that bank.
Here’s the kicker: while the overlay isn’t terribly convincing, you can’t actually get out of the login screen without entering your details, making it the sort of thing people will follow regardless of if they believe it or not.
When the details are entered, however, they’re sent to a server without your permission, and the login screen will close, as your details are transmitted into the ether and your bank accounts broken into not long after.
Worse, ESET’s people say that two-factor authentication can be bypassed, with the hacker able to intercept text messages from the bank and remove them from your device, stopping you from thinking anything is wrong.
“This is a significant attack on the banking sector in Australia and New Zealand, and shouldn’t be taken lightly,” said Nick FitzGerald, Senior Research Fellow at ESET.
“While 20 banking apps have been targeted so far, there’s a high possibility the e-criminals involved will further develop this malware to attack more banking apps in the future.”
Of those 20 banking apps, quite a few are located in Australia, with Westpac, Commonwealth Bank, St. George Bank, NAB, ANZ, Bendigo Bank, and Bankwest all included, while New Zealand and Turkey are both affected alongside Australia.
The inclusion of Turkey is a rather surprising one, though Fitzgerald notes that there’s more than just banks included here, with services from other parts of the world.
“The targeted apps list also includes eBay and PayPal among other non-banking apps,” he said. “Although not necessarily directly attacked in the malware variants we have seen, the inclusion of these apps in that list may be signs of other targets the malware’s authors are considering.”