Rajiv Singha

Alert! Quick Heal detects banking Trojan malware seeking financial data using popular social media and banking apps

June 13, 2018

Quick Heal Security Labs has detected two banking Trojans designed to steal financial data by using popular social and banking apps. Reading this post will help you understand how this malware works and how you can protect yourself against it.

What is a banking Trojan?
Banking Trojans (also known as Banker Trojan-horse) are malicious programs used to obtain sensitive information about customers who use online banking and payment systems.

About the banking Trojans detected by Quick Heal Security Labs
The banking Trojan malware detected by Quick Heal Security Labs mask themselves with the icon of Adobe Flash Player and the name ‘update’ (fig 1).

Fig 1

1. Which apps are imitated by the banking Trojans?

The banking Trojan imitates a variety of social media, banking and finance-related apps. These include WhatsApp, Facebook, Skype, Instagram, Twitter, and apps of some popular banks in India.

2. How do the banking Trojans work?

• Once installed on a phone, the malware gains access to special privileges by forcing the user to select the ‘Activate’ button (fig 2).

Fig 2

• The malware maintains a list of apps it has been designed to imitate. After gaining special privileges, it searches for these apps on the infected phone.

• Now, if the user opens any of these apps (banking or social media), the Trojan displays a fake window asking for a credit/debit card number. Unless this number is provided, this window prevents the user from accessing the app (fig 3).

• If the user provides a card number, the Trojan shares this info with a malicious server controlled by the attacker.

Fig 3
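
The behaviour described above can be checked for statically before an app is ever installed. The following is an added example, not code from Quick Heal or from the original post: a triage function over a decoded AndroidManifest.xml that looks for the traits this post describes. It assumes the ‘Activate’ prompt is Android's device administrator activation screen and that the fake window relies on the draw-over-other-apps permission; the label list and the sample manifest are constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"
LURE_LABELS = {"update", "flash player", "adobe flash player"}  # assumed lure names
OVERLAY_PERM = "android.permission.SYSTEM_ALERT_WINDOW"
FOREGROUND_PERMS = {"android.permission.GET_TASKS",
                    "android.permission.PACKAGE_USAGE_STATS"}

# Constructed sample manifest (decoded text form); not taken from a real sample.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.constructed">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.SYSTEM_ALERT_WINDOW"/>
  <uses-permission android:name="android.permission.GET_TASKS"/>
  <application android:label="update">
    <receiver android:name=".AdminReceiver"
              android:permission="android.permission.BIND_DEVICE_ADMIN">
      <intent-filter>
        <action android:name="android.app.action.DEVICE_ADMIN_ENABLED"/>
      </intent-filter>
    </receiver>
  </application>
</manifest>"""

def triage_manifest(xml_text):
    """Return the sorted list of overlay-banker traits found in a decoded manifest."""
    root = ET.fromstring(xml_text)
    perms = {p.get(ANDROID + "name") for p in root.iter("uses-permission")}
    app = root.find("application")
    label = (app.get(ANDROID + "label") or "") if app is not None else ""
    findings = []
    if label.strip().lower() in LURE_LABELS:
        findings.append("generic-update-label")
    # Device admin receiver: assumed to be the component behind the 'Activate' prompt.
    for rcv in root.iter("receiver"):
        actions = {a.get(ANDROID + "name") for a in rcv.iter("action")}
        if (rcv.get(ANDROID + "permission") == "android.permission.BIND_DEVICE_ADMIN"
                and "android.app.action.DEVICE_ADMIN_ENABLED" in actions):
            findings.append("device-admin-receiver")
            break
    if OVERLAY_PERM in perms:
        findings.append("can-draw-over-apps")
    if perms & FOREGROUND_PERMS:
        findings.append("can-watch-foreground-app")
    return sorted(findings)

if __name__ == "__main__":
    print(triage_manifest(SAMPLE_MANIFEST))
```

No single trait is malicious on its own; it is the combination of a generic ‘update’ label, a device admin receiver and overlay capability that warrants a closer look. Labels stored as resource references (for example @string/app_name) need to be resolved before this check applies.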

How Quick Heal helps
Quick Heal Mobile Security apps detect and block these banking Trojans as:

  • Marcher.C
  • Asacub.T

This means that if your Android phone has the Quick Heal app installed on it, this malware won’t be able to infect the device and steal your banking information.

Tips to stay away from Android malware

  1. Avoid downloading apps from third-party app stores or links provided in SMSs or emails.
  2. Always keep ‘Unknown Sources’ disabled. Enabling this option allows installation of apps from third-party sources.
  3. Verify app permissions before installing any app even from official stores such as Google Play.
  4. Keep Play Protection service ‘ON’.
  5. Install a reliable mobile security app that can detect and block fake and malicious apps before they can infect your device.
  6. Always keep your device OS and mobile security app up-to-date. Attackers almost always target outdated apps and phones.

For a detailed analysis on the banking Trojan, click here.


2 Comments


  1. Bharat Dash, June 26, 2018 at 9:14 PM

    Thanks

    Reply