InsightPortal Logo


Android banking malware targets over 200 bank apps

A new Android banking trojan is said to have targeted over 200 bank apps

An android banking trojan has been discovered, targeting users of several hundred banking apps, mostly located in India. Known as Android.banker.A2f8a and Android.banker.A9480, several security companies have identified the malware and are warning users of its potential to steal credentials.

The malware masks itself as an Adobe Flash update from a variety of third party app stores, and can also target users' devices via SMS messages that feature similar copy to an official text message alert from a given bank.

Once installed, the malicious application displays deceitful pop-up messages, asking for users to allow multiple android permissions for the app. Even if a user initially denies the pop-up message, the pop-up may be thrown at times when a touch is anticipated in the exact area of the button, making users grant permissions unknowingly. Once granted, the app icon hides as a background process.

The malware then proceeds to send a push notification from one of the several hundred banking apps, appearing to ask for login credentials and reauthentication.

QTF Recommends: Do not install apps from unknown sources or third-party app stores unless fully certain of their legitimacy and validity. Do not open links or complete actions from any text messages that you suspect may be illegitimate. Double-check suspicious texts and emails by visiting your bank in-branch or via a telephone call.


Impact Rating: 3