A new Android malware has been found to affect numerous Indian banking apps; the Internet is definitely not having a good start this year. The malware is said to affect more than 232 Indian banking and cryptocurrency apps.
Android Malware Hits India
The malware was discovered by Quick Heal and is named ‘Android.banker.A9480’. Like much other malware found on smartphones, it is designed to steal the user’s login credentials.
According to Quick Heal, the malware is being spread as part of a fake Flash Player app on third-party stores. Once installed, the malware asks the user for administrative permissions and, once they are given, the malware app hides its icon.
The malware then ‘hijacks’ SMS and uploads contact lists and SMS messages to a malicious server. It also shows an overlay screen on the smartphone over legitimate apps. The overlay screen is meant to capture the user’s login details and send them to the servers.
How to check whether you are being scanned
- Go to Settings on your smartphone.
- Go to Apps.
- In the right-hand corner, tap the dots and select ‘Show system’.
- Search for the package (according to your banking partner, listed below).
- Check how to safeguard yourself from this malware (end of the article).
Some of the targeted banking apps in India:
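The same check can be done from a computer over USB debugging. The script below is an added example, not code from Quick Heal or from the original article: it parses the output of "adb shell pm list packages -3 -i" and reports which listed target apps are installed and which third-party apps were not installed by the Play Store. The sample output, the com.example and org.example package names, and the assumption that the article's entries are the tail of the full package name are constructed for illustration.

```python
import re

PLAY_STORE = "com.android.vending"  # assumption: the only trusted installer

# A few package fragments from this article's lists (the article omits prefixes).
TARGET_FRAGMENTS = [
    "axis.mobile", "snapwork.hdfc", "sbi.SBIFreedomPlus",
    "csam.icici.bank.imobile", "blockchain.android", "paypal.android.p2pmobile",
]

# Constructed sample of `adb shell pm list packages -3 -i` output.
SAMPLE = """\
package:com.axis.mobile  installer=com.android.vending
package:com.csam.icici.bank.imobile  installer=com.android.vending
package:com.example.flashplayer.update  installer=null
package:org.example.notes  installer=com.android.vending
"""

LINE = re.compile(r"^package:(\S+)\s+installer=(\S+)$")

def parse(output):
    """Map each package name to its installer (None when sideloaded)."""
    pkgs = {}
    for line in output.splitlines():
        m = LINE.match(line.strip())
        if m:
            pkgs[m.group(1)] = None if m.group(2) == "null" else m.group(2)
    return pkgs

def matches_fragment(package, fragment):
    """Match whole dot-separated labels at the end of the package name."""
    return package == fragment or package.endswith("." + fragment)

def triage(output):
    pkgs = parse(output)
    # A hit here means the overlay could be aimed at this app, not that
    # the device is infected.
    targeted = sorted(p for p in pkgs
                      if any(matches_fragment(p, f) for f in TARGET_FRAGMENTS))
    # Apps that did not come from the Play Store deserve a manual look.
    sideloaded = sorted(p for p, inst in pkgs.items() if inst != PLAY_STORE)
    # The article says the malware poses as a Flash Player app.
    flash_lures = [p for p in sideloaded if "flash" in p.lower()]
    return {"targeted": targeted, "sideloaded": sideloaded,
            "flash_lures": flash_lures}

if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(key, value)
```

To run it against a real device, replace SAMPLE with the saved command output and extend TARGET_FRAGMENTS with the entries for your own banking apps from the lists below.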
-axis.mobile (Axis Mobile)
-snapwork.hdfc (HDFC Bank MobileBanking)
-sbi.SBIFreedomPlus (SBI Anywhere Personal)
-hdfcquickbank (HDFC Bank MobileBanking LITE)
-csam.icici.bank.imobile (iMobile by ICICI Bank)
-snapwork.IDBI (IDBI Bank GO Mobile+)
-idbibank.abhay_card (Abhay by IDBI Bank Ltd)
-com.idbi (IDBI Bank GO Mobile)
-idbi.mpassbook (IDBI Bank mPassbook)
-co.bankofbaroda.mpassbook (Baroda mPassbook)
-unionbank.ecommerce.mobile.android (Union Bank Mobile Banking)
-unionbank.ecommerce.mobile.commercial.legacy (Union Bank Commercial Clients)
Some targeted crypto-currency apps:
-bitfinex.bfxapp (Bitfinex)
-veken0m.cavirtex (Bitcoinium)
-brothas.mtgoxwidget (Bitcoin Ticker Widget)
-master.cointransaction (Bitcoin/Altcoin chart, alarm, ticker)
-leowandersleb.bitcoinsw (Flux Bitcoin Widget)
-ozgur.btcprice (Bitcoin Price)
-coinprices.allexchanges (Crypto Prices All-in-One)
-blockchain.android (Blockchain – Bitcoin & Ether Wallet)
-blockchain.merchant (Blockchain Merchant)
-hyperwallet.wubsprepaid (WUBS Prepaid)
-blocktrail.mywallet (BTC.com – Bitcoin Wallet)
-claimyourbits.btcsafari (BTC SAFARI – Free Bitcoin)
-handyapps.bitcoinpriceiq (Bitcoin Price IQ)
-schildbach.wallet (Bitcoin Wallet)
-blockfolio.blockfolio (Blockfolio Bitcoin / Altcoin App)
-org.freewallet.app (Bitcoin Wallet by Freewallet)
-bitcoin.crane.money (Bitcoin NewsCrane)
-coinmarketapp.app (Bitcoin CoinMarketCap.com (unofficial) / Altcoin)
-coinpayments.coinpaymentsapp (CoinPayments)
-org.freewallet.app (Bitcoin Cash Wallet by Freewallet)
-cenci7.coinmarketcapp (CoinMarketCapp – Blockchain Cryptocurrencies)
-benzneststudios.cryptostory (CryptoStory – Cryptocurrency Portfolio)
-langerhans.wallet (Dogecoin Wallet)
Other banking apps that are targeted by this Android malware:
-sberbankmobile
-sberbank.spasibo
-sberbank_sbbol
-sberbank.mobileoffice
-sberbank.sberbankir (Sberbank IR)
-alfabank.mobile.android
-alfabank.oavdo.amc
-st.alfa
-alfabank.sense
-alfadirect.app (Alfa-Direct)
-mw (Visa QIWI Wallet)
-raiffeisennews
-idamob.tinkoff.android (Tinkoff)
-tcsbank.c2c (Card 2 Card)
-tinkoff.mgp (Tinkoff Play: apply for a card)
-tinkoff.sme
-tinkoff.goabroad (FSSP FNS Russia)
-webmoney.my (WebMoney Keeper)
-rosbank.android (ROSBANK Online)
-vtb24.mobilebanking.android
-bm.mbm
-vtb.mobilebank (VTB Mobile)
-bssys.VTBClient (Mobile Client VTB)
-bssys.vtb.mobileclient (MobileClientVTB)
-simpls.mbrd.ui
-yandex.money
-simpls.brs2.mobbank
-akbank.android.apps.akbank_direkt (Akbank Direkt)
-akbank.android.apps.akbank_direkt_tablet (Akbank Direkt Tablet)
-akbank.softotp
-fragment.akbank
-ykb.android
-ykb.android.mobilonay
-ykb.avm
-ykb.androidtablet
-veripark.ykbaz
-softtech.iscek
-yurtdisi.iscep
-softtech.isbankasi
-monitise.isbankmoscow
-finansbank.mobile.cepsube
-enpara
-magiclick.FinansPOS (FinansPOS)
-matriksdata.finansyatirim (QNB Finansinvest)
-enpara.sirketim
-vipera.ts.starter.QNB (QNB Mobile)
-redrockdigimark (QNB National Day)
-garanti.cepsubesi (Garanti Mobile Banking)
-garanti.cepbank
-garantibank.cepsubesiro (GarantiBank)
-matriksdata.finansyatirim (QNB Finansinvest)
-mobinex.android.apps.cep_sifrematik
-garantiyatirim.fx (Garanti FX Trader)
-tmobtech.halkbank (Halkbank Mobil)
-SifrebazCep
-newfrontier.iBanking.mobile.Halk.Retail (Halkbank Mobile App)
-com.tradesoft.tradingsystem.gtpmobile.halk (Halk Trade)
-DijitalSahne.EnYakinHalkbank (Halkbank Nerede)
-ziraat.ziraatmobil (Ziraat Mobil)
-ziraat.ziraattablet (Ziraat Tablet)
-matriksmobile.android.ziraatTrader (Ziraat Trader)
-matriksdata.ziraatyatirim.pad (Ziraat Trader HD)
-comdirect.android (comdirect mobile App)
-commerzbanking.mobil (Commerzbank Banking App)
-consorsbank (Consorsbank)
-db.mm.deutschebank
-dkb.portalapp (DKB-Banking)
-de.dkb.portalapp
-ing.diba.mbbr2 (ING-DiBa Banking + Brokerage)
-postbank.finanzassistent (Postbank Finanzassistent)
-santander.de (Santander MobileBanking)
-fiducia.smartphone.android.banking.vr
-creditagricole.androidapp
-axa.monaxa
-banquepopulaire.cyberplus
-bnpparibas.mescomptes
-boursorama.android.clients
-caisseepargne.android.mobilebanking
-lcl.android.customerarea
-paypal.android.p2pmobile
-wf.wellsfargomobile
-wf.wellsfargomobile.tablet
-wellsFargo.ceomobile
-usbank.mobilebanking
-usaa.mobile.android.usaa
-suntrust.mobilebanking
-moneybookers.skrillpayments.neteller
-moneybookers.skrillpayments
-clairmail.fth
-konylabs.capitalone
-yinzcam.facilities.verizon
-chase.sig.android
-infonow.bofa
-bankofamerica.cashpromobile
-co.bankofscotland.businessbank
-grppl.android.shell.BOS
-rbs.mobile.android.natwestoffshore
-rbs.mobile.android.natwest
-rbs.mobile.android.natwestbandc
-rbs.mobile.investisir
-phyder.engage
-rbs.mobile.android.rbs
-rbs.mobile.android.rbsbandc
-co.santander.santanderUK
-co.santander.businessUK.bb
-sovereign.santander
-ifs.banking.fiid4202
-fi6122.godough
-rbs.mobile.android.ubr
-htsu.hsbcpersonalbanking
-grppl.android.shell.halifax
-grppl.android.shell.CMBlloydsTSB73
-barclays.android.barclaysmobilebanking
-ing.mobile (ING Bankieren)
-csob.smartbanking
-sberbankcz (Smart Banking)
-sporoapps.accounts
-sporoapps.skener (Platby)
-cleverlance.csas.servis24 (SERVIS 24 Mobilni banka)
-westpac.bank,nz.co.westpac
-com.suncorp.SuncorpBank (Suncorp Bank)
-stgeorge.bank (St.George Mobile Banking)
-banksa.bank (BankSA Mobile Banking)
-com.newcastlepermanent (NPBS Mobile Banking)
-com.nab.mobile (NAB Mobile Banking)
-com.mebank.banking (ME Bank)
-com.ingdirect.android (ING Australia Banking)
-be (ING Smart Banking)
-imb.banking2 (IMB.Banking)
-fusion.ATMLocator (People’s Choice Credit Union)
-com.cua.mb (CUA)
-commbank.netbank (CommBank)
-cba.android.netbank (CommBank app for tablet)
-citibank.mobile.au (Citibank Australia)
-citibank.mobile.uk (Citi Mobile UK)
-citi.citimobile
-bom.bank (Bank of Melbourne Mobile Banking)
-bendigobank.mobile (Bendigo Bank)
-doubledutch.hvdnz.cbnationalconference2016 (CB Conference 2017)
-com.bankwest.mobile (Bankwest)
-bankofqueensland.boq (BOQ Mobile)
-anz.android.gomoney (ANZ goMoney Australia)
-anz.android
-anz.SingaporeDigitalBanking
-anzspot.mobile
-crowdcompass.appSQ0QACAcYJ (ANZ Investor Tour)
-arubanetworks.atmanz (Atmosphere ANZ)
-quickmobile.anzirevents15 (ANZ Investor Relations Events)
-volksbank.volksbankmobile (Volksbank Banking)
-fiducia.smartphone.android.banking.vr (VR-Banking)
-volksbank.android
-secservizi.mobile.atime.bpaa (Volksbank per tablet)
-fiducia.smartphone.android.securego.vr (VR-SecureGo)
-isis_papyrus.raiffeisen_pay_eyewdg (Raiffeisen ELBA)
-easybank.mbanking (easybank)
-easybank.tablet (easybank app)
-easybank.securityapp (easybank Security App)
-bawag.mbanking (BAWAG P.S.K.)
-bawagpsk.securityapp (BAWAG P.S.K. Security App)
-psa.app.bawag (BAWAG P.S.K. SmartPay)
-pozitron.iscep
-vakifbank.mobile
-pozitron.vakifbank
-starfinanz.smob.android.sfinanzstatus (Sparkasse Ihre mobile Filiale)
-starfinanz.mobile.android.pushtan (S-pushTAN)
-entersekt.authapp.sparkasse (S-ID-Check)
-starfinanz.smob.android.sfinanzstatus.tablet
-starfinanz.smob.android.sbanking (Sparkasse+ Finanzen im Griff)
-palatine.android.mobilebanking.prod (ePalatine Particuliers)
-laposte.lapostemobile (La Poste – Services Postaux)
-laposte.lapostetablet (La Poste HD – Services Postaux)
-cm_prod.bad
-cm_prod.epasal (Epargne Salariale CM)
-cm_prod_tablet.bad
-cm_prod.nosactus
-societegenerale.mobile.lappli
-bbva.netcash (BBVA net cash)
-bbva.bbvacontigo (BBVA | Spain)
-bbva.bbvawallet (BBVA Wallet | Spain)
-bancosantander.apps (Santander)
-santander.app (Santander Brasil)
-cm.android (Bankia)
-cm.android.tablet (Bankia Tablet)
-bankia.wallet (Bankia Wallet)
Other targeted apps:
-amazon.mShop.android.shopping (Amazon Shopping)
-amazon.windowshop (Amazon for Tablets)
-ebay.mobile (eBay: Buy & Sell. Explore Discount Shopping Deals)
-airbnb.android (Airbnb)
-scores365 (365Scores: Sports Scores Live)
-pyrsoftware.pokerstars.net (PokerStars Poker: Texas Holdem)
-pokerstars.cebo.psp (PokerStars Play: Free Texas Holdem Poker Game)
-paster
-pokerstars.eptguide (PokerStars Live)
-pkrstrs191 (PKRSTRS Mobile 2Day App)
-thunkable.android.avenue_mitm.Polonix
-westernunion.android.mtapp (Western Union US – Send Money Transfers Quickly)
How To Stay Safe From This Android Malware?
Quick Heal recommends avoiding downloading apps from third-party app stores or from links provided in SMS or emails. Installing a reliable security app will be an added bonus to your security and, lastly, keep your OS and app versions up to date.