By navigating our site, you agree to allow us to use cookies, in accordance with our Privacy Policy.

Android Trojans are Peeping Mobile Banking Habits – Study

Android Trojans

A major IT security solutions provider claims to have unearthed a strain of Android malware that can surreptitiously penetrate the login screen of mobile banking users and impersonate the users to share their login credentials.

The malware, detected by ESET security systems as Android/Spy.Agent.SI, camouflages victims with a fake version of the login screen of their banking application and locks the screen until they enter their username and password. Using the stolen credentials, the thieves can then log in to the victim’s account remotely and transfer money out. They can even get the malware to send them all of the SMS text messages received by the infected device, and remove these.

Lukas Stefanko, ESET Malware Researcher who specializes in Android malware said, “This allows SMS-based two-factor authentication of fraudulent transactions to be bypassed, without raising the suspicions of the device’s owner”.

The Trojan disseminates as an imitation of Flash Player application. After being downloaded and installed, the app requests Device administrator rights, to protect it from being easily uninstalled from the device. After that, the malware checks if any target banking applications are installed on the device. If so, it receives fake login screens for each banking app from its command & control server. Then, once the victim launches a banking app, a fake login screen appears over the top of the legitimate app, leaving the screen locked until the victim submits their banking credentials.

This malware is subject to ongoing development. While its first versions were simple, and their malicious purpose easily identifiable, the most up-to-date versions feature better obfuscation and encryption.

The campaign discovered by ESET researchers’ targets major banks in Australia, New Zealand and Turkey. In fact, the 20 financial institutions currently targeted by the app include the largest retail banks in each of the three countries.

“The attack has been massive and it can be easily re-focused to any another set of target banks,” warns Lukas Stefanko.

Further info on the malware can be found on a blog:


BiS Team

BIS Infotech is a vivid one stop online source protracting all the exclusive affairs of the Consumer and Business Technology. We have well accomplished on delivering expert views, reviews, and stories empowering millions with impartial and nonpareil opinions. Technology has become an inexorable part of our daily lifestyle and with BIS Infotech expertise, millions of intriguers everyday are finding for itself a crony hangout zone.

Related Articles

Upcoming Events