Alert! Quick Heal detects banking Trojan malware seeking financial data using popular social media and banking apps

Quick Heal Security Labs has detected two banking Trojan malware designed to steal financial data by using popular social and banking apps. Reading this post will help you understand how this malware works and how can you protect yourself against it.

What is a banking Trojan?
Banking Trojans (also known as Banker Trojan-horse) are malicious programs used to obtain sensitive information about customers who use online banking and payment systems.

About the banking Trojans detected by Quick Heal Security Labs
The banking Trojan malware detected by Quick Heal Security Labs mask themselves with the icon of Adobe Flash Player and the name ‘update’ (fig 1).

Fig 1

1. Which apps are imitated by the banking Trojans?

The banking Trojan imitates a variety of social media, banking and finance-related apps. These include WhatsApp, Facebook, Skype, Instagram, Twitter, and apps of some popular banks in India.

2. How does the banking Trojans work?

• Once installed on a phone, the malware gain access to special privileges by forcing the user to select the ‘Activate’ button (fig 2)

Fig 2

• The malware maintain a list of apps it has been designed to imitate. And so, after gaining special privileges, it searches for these apps on the infected phone.

• Now, if the user opens any of these apps (banking or social media), the Trojan displays a fake window asking for a credit/debit card number. Unless this number is provided, this window prevents the user from accessing the app (fig 3).

• If the user provides a card number, the Trojan shares this info with a malicious server controlled by the attacker.

Fig 3

How Quick Heal helps
Quick Heal Mobile Security apps detect and blocks these banking Trojans as:

• Marcher.C
• Asacub.T

This means, if your Android phone has the Quick Heal app installed on it, these malware won’t be able to infect the device and steal your banking information.

Tips to stay away from Android malware

1. Avoid downloading apps from third-party app stores or links provided in SMSs or emails.
2. Always keep ‘Unknown Sources’ disabled. Enabling this option allows installation of apps from third-party sources.
3. Verify app permissions before installing any app even from official stores such as Google Play.
4. Keep Play Protection service ‘ON’.
5. Install a reliable mobile security app that can detect and block fake and malicious apps before they can infect your device.
6. Always keep your device OS and mobile security app up-to-date. Attackers almost always target outdated apps and phones.

For a detailed analysis on the banking Trojan, click here.

Rajiv Singha