Quick Heal Security Labs has detected two banking Trojans designed to steal financial data by imitating popular social and banking apps. Reading this post will help you understand how this malware works and how you can protect yourself against it.
What is a banking Trojan?
Banking Trojans (also known as Banker Trojan-horse) are malicious programs used to obtain sensitive information about customers who use online banking and payment systems.
About the banking Trojans detected by Quick Heal Security Labs
The banking Trojans detected by Quick Heal Security Labs disguise themselves with the icon of Adobe Flash Player and the name ‘update’ (fig 1).
1. Which apps are imitated by the banking Trojans?
The banking Trojan imitates a variety of social media, banking and finance-related apps. These include WhatsApp, Facebook, Skype, Instagram, Twitter, and apps of some popular banks in India.
2. How do the banking Trojans work?
• Once installed on a phone, the malware gains special privileges by forcing the user to select the ‘Activate’ button (fig 2).
• The malware maintains a list of the apps it has been designed to imitate. After gaining special privileges, it searches for these apps on the infected phone.
• Now, if the user opens any of these apps (banking or social media), the Trojan displays a fake window asking for a credit/debit card number. Unless this number is provided, this window prevents the user from accessing the app (fig 3).
• If the user provides a card number, the Trojan shares this info with a malicious server controlled by the attacker.
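A triage check built from the traits listed above, as an added example that is not Quick Heal's code: it scores a constructed app inventory for a user-installed app named 'update' that also holds elevated privileges. The inventory fields, the package names, and the reading of 'special privileges' as Android device-administrator rights are assumptions.

```python
from dataclasses import dataclass

# Trait from the article: the app presents itself under the name 'update'.
LURE_LABELS = {"update"}


@dataclass
class App:
    package: str     # hypothetical inventory field
    label: str       # name shown under the icon
    is_admin: bool   # assumption: 'special privileges' = device administrator
    is_system: bool  # preinstalled on the system image


def score(app):
    """Return (risk score, reasons) for one inventory entry."""
    reasons = []
    if app.is_system:
        return 0, reasons  # preinstalled updaters are out of scope here
    if app.label.strip().lower() in LURE_LABELS:
        reasons.append("generic 'update' label on a user-installed app")
    if app.is_admin:
        reasons.append("holds elevated privileges")
    return len(reasons), reasons


def triage(apps):
    """Return (score, package, reasons) for flagged apps, highest score first."""
    hits = []
    for app in apps:
        points, reasons = score(app)
        if points:
            hits.append((points, app.package, reasons))
    return sorted(hits, key=lambda h: (-h[0], h[1]))


# Constructed sample inventory; every package name is made up for illustration.
SAMPLE = [
    App("com.example.bankapp", "Example Bank", False, False),
    App("com.example.mdmagent", "Work Agent", True, False),
    App("com.example.fakeflash", " Update ", True, False),
    App("com.example.sysupdater", "Update", False, True),
]

if __name__ == "__main__":
    for points, package, reasons in triage(SAMPLE):
        print(f"{package}: score {points}: " + "; ".join(reasons))
```

An entry that matches both traits deserves a manual look first; a single trait on its own is common among legitimate apps such as device-management agents.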
How Quick Heal helps
Quick Heal Mobile Security apps detect and block these banking Trojans as:
This means that if your Android phone has the Quick Heal app installed, this malware won’t be able to infect the device and steal your banking information.
Tips to stay away from Android malware
For a detailed analysis on the banking Trojan, click here.