​Big four bank mobile apps hit by malware

​Big four bank mobile apps hit by malware

ANZ Bank, Commonwealth Bank, National Australia Bank, and Westpac have all been affected

Image: ESET

Image: ESET

Australia’s big four banks have been hit by a new strain of Android malware that can steal the login credentials of mobile banking users.

Mobile apps used by customers of ANZ Bank, Commonwealth Bank, National Australia Bank, and Westpac have all been affected. Banks in New Zealand and Turkey have also been targeted.

The malware, Android/Spy.Agent/SI, was discovered by researchers at ESET.

It presents victims with a fake version of the login screen of their banking application and locks the screen until they enter their username and password, ESET researchers said.

Thieves can use the stolen credentials to log into the victim’s account remotely and transfer money out. They can also get the malware to send them all of the SMS text messages received by the infected device and remove these, ESET said.

“This allows SMS-based two-factor authentication of fraudulent transactions to be bypassed, without raising the suspicions of the device’s owner,” said Lukas Stefanko, an ESET malware researcher who specialises in Android malware.

According to ESET, the Trojan spreads as an imitation of the Adobe Flash Player app. After being downloaded and installed, the app requests device administrator rights to protect itself from being easily uninstalled from the device.

After that, the malware checks if any target banking applications are installed on the device, ESET explained.

If so, it receives fake login screens for each banking app from its command and control server. Then once the victim launches a banking app, a fake login screen appears over the top of the legitimate app, leaving the screen locked until the victim submits their banking credentials, ESET said.

“The attack has been massive and it can be easily re-focused to any other set of target banks,” said Stefanko.

ESET explains how to remove the malware here.

Follow CIO Australia on Twitter and Like us on Facebook… Twitter: @CIO_Australia, Facebook: CIO Australia, or take part in the CIO conversation on LinkedIn: CIO Australia

Follow Byron Connolly on Twitter:@ByronConnolly

Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags malwareAndroidWestpaccommonwealth bankanz bankNABesetNational Australia Bankmobile appLukas Stefanko

More about Commonwealth BankESETFacebookNational Australia BankTwitterWestpac

Show Comments