New Android malware targets banking applications. Malware – as experts have warned Fortinet – is capable of stealing data from 94 programs. Capable of intercepting SMS, which means it can beat system transaction verification codes for text messages.
Using a banking application for Android? Be vigilant because the network about a new variant of malware that attacks mobile applications among the largest banks Poland, United States, Germany and France. The program is able to steal login data from a total of 94 different applications. With the ability to capture SMS communication, malware can also bypass the two-step verification mechanism based on phone eject codes. Vulnerable are also popular social networking applications. This type of icon impersonating malware Flash Player. Once installed, it appears in the list of applications on the phone.
After launching the app appears on the screen asked to give a false root to Google Play. Only order acceptance allows you to close a persistent display window. After granting permission Flash Player icon disappears from the list of applications, but the program itself is active in the background. List of powers conferred is long and includes, among others, the ability to send and receive SMS messages, complete network access and modify system settings.
When you start a banking application on the infected device, it appears on the screen generated by the malware requested credentials. This data is then sent to the cybercriminals server. The attacker targeted the following banks operating in Poland, BZ WBK, Eurobank, Getin Bank, ING, mBank, Millennium, Pekao, PKO BP and Raiffeisen Polbank.
Malicious software attacks also Google Play applications, Facebook, Facebook Messenger, WhatsApp, Skype, Snapchat, Twitter, Instagram and Viber. When they start the screen appears asking for a credit card, which then also fall into the hands wyłudzaczy.
How to get rid of this dangerous program when it reaches infection? There are two methods. First, the user can disable administrator privileges for the application, and then just uninstall it. The second method is to use the ADB console (Android Debug Bridge) and the “Adm uninstallation [packagename] command.” It allows you to bypass the mechanism to persistently display a dialog requesting authorization.