Android Banking Malware uses social engineering to bypass battery saving process


Android banking malware can stay connected to its control servers even after the Android device is off.



Flaw in Doze functionality in Android



Doze is a power mode that activates once the owner has not interacted with the Android device for a period of time. It was first introduced in Android 6.0 Marshmallow.

When this functionality is activated, it restricts every application's access to the network and other services on the device to save battery, unless the application is included in the battery optimization whitelist.


Here is the flaw


The Android banking malware just needs to add itself to the battery optimization whitelist. It uses social engineering techniques to get the permission.

Basically, it generates a permission pop-up by invoking “REQUEST_IGNORE_BATTERY_OPTIMIZATIONS”. This displays the permission pop-up message to the Android device user.



The Android banking malware can hide itself, commonly described as binding itself to an authentic application. For example, it can bind itself to the HDFC banking app. It then pops up a message to trick the user into clicking the “Yes” button and granting the necessary permission.

It is important for users to apply common sense and stay alert in cyberspace. You should not click the OK or Yes button every time, as rightly explained by Dinesh of Symantec. Check it out.


If the victim clicks the Yes button, the Android banking malware is added to the battery optimization whitelist, allowing the application to stay connected to its attacker even when the device is switched off.
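To check which apps have ended up on that whitelist, the following added example (not part of the original post) parses the output of `adb shell dumpsys deviceidle whitelist` and reports user-granted exemptions that the owner did not intend. It assumes the `type,package,uid` line format printed by AOSP builds; the sample output, package names and approved list are constructed.

```python
# Added example: audit the Doze (battery optimization) whitelist of a device.
# SAMPLE_OUTPUT is constructed; it mimics `adb shell dumpsys deviceidle whitelist`,
# assumed to print one "type,package,uid" line per exempted app.
SAMPLE_OUTPUT = """\
system-excidle,com.android.providers.downloads,10012
system,com.google.android.gms,10017
user,com.example.bank.update,10154
user,com.example.messenger,10131
"""

# Hypothetical list of apps the owner knowingly exempted from Doze.
APPROVED_USER_EXEMPTIONS = {"com.example.messenger"}


def parse_whitelist(text):
    """Return (kind, package, uid) tuples from 'type,package,uid' lines."""
    entries = []
    for line in text.splitlines():
        parts = line.strip().split(",")
        if len(parts) != 3 or not parts[2].isdigit():
            continue  # skip blank or unexpected lines
        entries.append((parts[0], parts[1], int(parts[2])))
    return entries


def unexpected_user_exemptions(text, approved=APPROVED_USER_EXEMPTIONS):
    """Packages exempted via a user prompt that are not on the approved list."""
    return sorted(
        pkg for kind, pkg, _ in parse_whitelist(text)
        if kind == "user" and pkg not in approved
    )


if __name__ == "__main__":
    for pkg in unexpected_user_exemptions(SAMPLE_OUTPUT):
        print("review battery-optimization exemption:", pkg)
```

Entries of type `user` are the ones created when someone accepts the exemption prompt, so they are the ones worth reviewing.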


What does the Android banking malware do?


Once the malware has got the access, it has full access to SMS messages, can install shortcuts and can check the phone status.

The actual function of this Android banking malware is to check whether any banking applications are installed on the device.

If the Android banking malware finds any banking applications on the device, it will remove or uninstall them automatically without the permission of the user. The malware will re-create a copy of the application it deleted and ask the user to install the updated copy. In this process the malware might ask for credentials, which the user happily provides.
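The capabilities listed above map to permissions an app must declare, so a decoded `AndroidManifest.xml` can be triaged before installation. This added example (not code from the original post) flags a manifest that pairs the Doze exemption request with SMS access; the manifest, the package name and the `needs_review` rule are constructed assumptions.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
DOZE_EXEMPT = "android.permission.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS"
# Capabilities the article attributes to the malware, mapped to permission names.
CAPABILITIES = {
    "sms": {"android.permission.READ_SMS", "android.permission.RECEIVE_SMS",
            "android.permission.SEND_SMS"},
    "install_shortcut": {"com.android.launcher.permission.INSTALL_SHORTCUT"},
    "phone_state": {"android.permission.READ_PHONE_STATE"},
}

# Constructed manifest for a made-up package (not taken from a real sample).
SAMPLE_MANIFEST = """\
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.bank.update">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
  <uses-permission android:name="com.android.launcher.permission.INSTALL_SHORTCUT"/>
</manifest>"""


def requested_permissions(manifest_xml):
    """Collect android:name from every <uses-permission*> element."""
    root = ET.fromstring(manifest_xml)
    perms = set()
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        for node in root.iter(tag):
            name = node.get(ANDROID_NS + "name")
            if name:
                perms.add(name)
    return perms


def triage(manifest_xml):
    """Flag apps that pair a Doze exemption request with SMS access."""
    perms = requested_permissions(manifest_xml)
    caps = sorted(c for c, names in CAPABILITIES.items() if perms & names)
    doze = DOZE_EXEMPT in perms
    return {"doze_exempt": doze, "capabilities": caps,
            "needs_review": doze and "sms" in caps}


if __name__ == "__main__":
    print(triage(SAMPLE_MANIFEST))
```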


How to be safe in cyberspace?


With all the recent ATM hacking, this Android banking malware has created panic in the minds of Android users who frequently use banking applications. With the recent currency denomination, people have no option other than using banking applications or doing transactions on Android devices.

  1. Please use your common sense, which is highly uncommon among users. Do not click and grant permissions to applications.
  2. Read the messages that applications display very carefully.
  3. Most importantly, use an updated anti-virus.
  4. And lastly, please be alert. We know alertness is an individual trait that differs among individuals, but the more alert you are, the less vulnerable you are to cyber attacks.


