Australia’s big four banks have been hit by a new strain of Android malware that can steal the login credentials of mobile banking users.
Mobile apps used by customers of ANZ Bank, Commonwealth Bank, National Australia Bank, and Westpac have all been affected. Banks in New Zealand and Turkey have also been targeted.
The malware, Android/Spy.Agent.SI, was discovered by researchers at ESET.
It presents victims with a fake version of the login screen of their banking application and locks the screen until they enter their username and password, ESET researchers said.
Thieves can use the stolen credentials to log into the victim’s account remotely and transfer money out. They can also instruct the malware to send them all of the SMS text messages received by the infected device and then remove those messages from the device, ESET said.
“This allows SMS-based two-factor authentication of fraudulent transactions to be bypassed, without raising the suspicions of the device’s owner,” said Lukas Stefanko, an ESET malware researcher who specialises in Android malware.
According to ESET, the Trojan spreads as an imitation of the Adobe Flash Player app. After being downloaded and installed, the app requests device administrator rights to protect itself from being easily uninstalled from the device.
After that, the malware checks if any target banking applications are installed on the device, ESET explained.
If so, it receives fake login screens for each banking app from its command and control server. Then, once the victim launches a banking app, a fake login screen appears over the top of the legitimate app, leaving the screen locked until the victim submits their banking credentials, ESET said.
“The attack has been massive and it can be easily re-focused to any other set of target banks,” said Stefanko.
ESET explains how to remove the malware here.
Follow Byron Connolly on Twitter: @ByronConnolly