Android Malware Hack Bank Accounts Credentials


A few days ago, ESET discovered a new Android banking malware on Google Play. Recently, one more piece of malware was spotted that targets banking apps and steals their users' credentials. Investigation of the threat uncovered that its code was built using source code that was made public about a month ago.

Previously, a version was detected by ESET as Trojan.Android/Spy.Banker.HU (version 1.1), reported on February 6th. That malware was distributed as a trojanized version of a weather forecast application, “Good Weather”. It targeted 22 Turkish mobile banking apps, stealing their users' credentials by means of fake login forms. The Trojan could also lock and unlock the device.

A new version of the Trojan was discovered on Google Play last Sunday, this time in another weather app called “World Weather”. This Trojan was detected by ESET as Trojan.Android/Spy.Banker.HU (version 1.2) and reported on February 14th. It was available in the Google Play Store and was pulled from the store on February 20th.

Victims by Country

  • Turkey (2144)
  • Unknown (331)
  • Syria (202)
  • South Africa (24)
  • Germany (10)
  • Ghana (10)
  • Nigeria (10)
  • United States (7)
  • Great Britain (5)
  • Other (67)

Victims by malware version

  1. v1.2 – Android/Spy.Banker.HW (1919)
  2. v1.2 – Android/Spy.Banker.HH (675)
  3. v1.2 – Android/Spy.Banker.HU (216)

How does it work?

The new Trojan works the same way as the previous version. Trojan.Android/Spy.Banker.HW sets a lock screen password and is able to lock and unlock infected devices remotely. The only differences are that the malware now affects users of 69 British, Austrian, German and Turkish banking apps, and that it uses a more advanced obfuscation technique.

The Trojan has built-in notification functionality, the purpose of which could only be verified after having accessed the C&C server. The malware is able to display fake notifications, prompting the user to launch one of the targeted banking apps on behalf of an “important message” from the respective bank. Doing so triggers a fake login screen.

How do you know if your device is infected? How do you avoid it?

If you have installed any weather app from the Google Play Store, make sure you are not one of the victims of this banking Trojan.

In case you have downloaded an app named Weather, look in Settings -> Application Manager. If you see the app in downloads, and also find “System update” under Settings -> Security -> Device administrators, your device has been infected.

To clean the device, you can turn to a mobile security solution, or you can remove the malware manually.

To manually uninstall the Trojan, it is first necessary to deactivate its device administrator rights, found under Settings -> Security -> System update. With that done, uninstall the malicious app in Settings -> Application Manager -> Weather.

Some Targeted applications

 

Android/Spy.Banker.HH and Android/Spy.Banker.HU:

com.garanti.cepsubesi
com.garanti.cepbank
com.pozitron.iscep
com.softtech.isbankasi
com.teb
com.akbank.android.apps.akbank_direkt
com.akbank.softotp
com.akbank.android.apps.akbank_direkt_tablet
com.ykb.androidtablet
com.ykb.android.mobilonay
com.finansbank.mobile.cepsube
finansbank.enpara
com.tmobtech.halkbank
biz.mobinex.android.apps.cep_sifrematik
com.vakifbank.mobile
com.ingbanktr.ingmobil
com.tmob.denizbank
tr.com.sekerbilisim.mbank
com.ziraat.ziraatmobil
com.intertech.mobilemoneytransfer.activity
com.kuveytturk.mobil
com.magiclick.odeabank

Android/Spy.Banker.HW:

com.garanti.cepsubesi
com.garanti.cepbank
com.pozitron.iscep
com.softtech.isbankasi
com.teb
com.akbank.android.apps.akbank_direkt
com.akbank.softotp
com.akbank.android.apps.akbank_direkt_tablet
com.ykb.android
com.ykb.androidtablet
com.ykb.android.mobilonay
com.finansbank.mobile.cepsube
finansbank.enpara
com.tmobtech.halkbank
biz.mobinex.android.apps.cep_sifrematik
com.vakifbank.mobile
com.ingbanktr.ingmobil
com.tmob.denizbank
tr.com.sekerbilisim.mbank
com.ziraat.ziraatmobil
com.intertech.mobilemoneytransfer.activity
com.kuveytturk.mobil
com.magiclick.odeabank
com.isis_papyrus.raiffeisen_pay_eyewdg
at.spardat.netbanking
at.bawag.mbanking
at.volksbank.volksbankmobile
com.bankaustria.android.olb
at.easybank.mbanking
com.starfinanz.smob.android.sfinanzstatus
com.starfinanz.smob.android.sbanking
de.fiducia.smartphone.android.banking.vr
com.db.mm.deutschebank
de.postbank.finanzassistent
de.commerzbanking.mobil
com.ing.diba.mbbr2
de.ing_diba.kontostand
de.dkb.portalapp
com.starfinanz.mobile.android.dkbpushtan
de.consorsbank
de.comdirect.android
mobile.santander.de
de.adesso.mobile.android.gad
com.grppl.android.shell.BOS
uk.co.bankofscotland.businessbank
com.barclays.android.barclaysmobilebanking
com.barclays.bca
com.ie.capitalone.uk
com.monitise.client.android.clydesdale
com.monitise.coop
uk.co.northernbank.android.tribank
com.firstdirect.bankingonthego
com.grppl.android.shell.halifax
com.htsu.hsbcpersonalbanking
com.hsbc.hsbcukcmb
com.grppl.android.shell.CMBlloydsTSB73
com.lloydsbank.businessmobile
uk.co.metrobankonline.personal.mobile
co.uk.Nationwide.Mobile
com.rbs.mobile.android.natwest
com.rbs.mobile.android.natwestbandc
com.rbs.mobile.android.rbsm
com.rbs.mobile.android.rbsbandc
uk.co.santander.santanderUK
uk.co.santander.businessUK.bb
com.tescobank.mobile
uk.co.tsb.mobilebank
com.rbs.mobile.android.ubn
com.monitise.client.android.yorkshire
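
The two-indicator check from the infection section, combined with the targeted-app lists above, can be applied across many devices at once. The following is an added example, not code from ESET or from this article: the inventory format (an "apps" list and a "device_admins" list, as an MDM export might provide) is an assumption, the sample inventories are constructed, and only an excerpt of the targeted packages is embedded.

```python
# Added example: apply the article's two infection indicators to a device
# inventory. The inventory format is an assumption (e.g. an MDM export).

# Excerpt of the targeted banking packages listed in this article.
TARGETED_BANKING_APPS = {
    "com.garanti.cepsubesi",
    "com.akbank.android.apps.akbank_direkt",
    "at.bawag.mbanking",
    "de.postbank.finanzassistent",
    "com.barclays.android.barclaysmobilebanking",
}


def triage(inventory):
    """Return (verdict, targeted banking apps installed) for one device."""
    apps = inventory.get("apps", [])
    admins = inventory.get("device_admins", [])
    # Indicator 1: a downloaded (non-system) app whose name contains "Weather".
    weather = [a["package"] for a in apps
               if "weather" in a["label"].lower() and not a.get("system", False)]
    # Indicator 2: a device administrator displayed as "System update".
    fake_admin = [d["package"] for d in admins
                  if d["label"].strip().lower() == "system update"]
    # Targeted banking apps on the device: the credentials to reset first.
    exposed = sorted(a["package"] for a in apps
                     if a["package"] in TARGETED_BANKING_APPS)
    if weather and fake_admin:
        verdict = "infected"   # both indicators, as the article describes
    elif weather or fake_admin:
        verdict = "review"     # one indicator only: check by hand
    else:
        verdict = "clean"
    return verdict, exposed


# Constructed sample inventories; com.example.* packages are placeholders.
INFECTED = {
    "apps": [{"package": "com.example.weatherapp", "label": "Weather"},
             {"package": "de.postbank.finanzassistent", "label": "Postbank"},
             {"package": "com.garanti.cepsubesi", "label": "Garanti"}],
    "device_admins": [{"package": "com.example.weatherapp",
                       "label": "System update"}],
}
WEATHER_ONLY = {"apps": [{"package": "com.example.forecast",
                          "label": "Daily Weather"}], "device_admins": []}
CLEAN = {"apps": [{"package": "at.bawag.mbanking", "label": "BAWAG"}],
         "device_admins": []}
```

A "review" verdict means only one of the two indicators was present, so the device should be checked by hand using the steps in the infection section.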

 

Please check before installing any weather app, and follow the steps above. We hope this helps you all avoid Android malware that steals bank account credentials.

 

 
