Serious Android Malware Is Targeting Aussie Banking Apps

Most of Australia's major banks are being targeted by some potentially catastrophic malware on customers' Android smartphones. Android/Spy.Agent.SI, as it's been named, locks users' phones when they open a banking app, redirecting them to a phishing server masquerading as the bank's official site.

Business Insider reports that, according to research from ESET, Android/Spy.Agent.SI is targeting major banks within Australia. Westpac, Bendigo Bank, Commonwealth Bank, St. George Bank, National Australia Bank, Bankwest, Me Bank and ANZ Bank are all listed as under threat.

The malware is distributed through infected apps, which ask for device administrator rights. Unsuspecting users who grant them give the app access to nearly every corner of the Android operating system. From there, Android/Spy.Agent.SI can monitor a device's phone number, text messages and IMEI data, and can act as a middleman to any banking apps already installed on the phone.

When a banking app is launched, the malware locks any back or home buttons, preventing users from exiting the app until login details are entered into the fake simulacrum of the sign-in screen overlaid on top of the legitimate app itself. Any two-factor authentication systems are dealt with through the malware's access to Android text messages, and those authentication messages are deleted once access is surreptitiously granted.

“This is a significant attack on the banking sector in Australia and New Zealand, and shouldn’t be taken lightly,” says Nick FitzGerald, Senior Research Fellow at ESET. “While 20 banking apps have been targeted so far, there’s a high possibility the e-criminals involved will further develop this malware to attack more banking apps in the future.”
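
The infection path described above (a side-loaded app that is then granted device administrator rights) can be audited from a workstation. The following is an added example, not code from ESET or the article: it cross-references the output of `adb shell pm list packages -i` with the device-admin section of `adb shell dumpsys device_policy`. The sample text, the `com.example.*` package names and the assumed `dumpsys` layout are constructed for illustration.

```python
import re

# Constructed sample of `adb shell pm list packages -i` output (not from a real device).
SAMPLE_PACKAGES = """\
package:com.google.android.gms  installer=com.android.vending
package:com.example.bank  installer=com.android.vending
package:com.example.flashplayer  installer=null
package:com.example.notes  installer=com.android.packageinstaller
"""

# Constructed sample of the admin section of `adb shell dumpsys device_policy`.
# The exact layout varies by Android version; this shape is an assumption.
SAMPLE_POLICY = """\
Current Device Policy Manager state:
  Enabled Device Admins (User 0, provisioningState: 0):
    com.google.android.gms/.mdm.receivers.MdmDeviceAdminReceiver:
      uid=10013
    com.example.flashplayer/.AdminReceiver:
      uid=10112
"""

TRUSTED_INSTALLERS = {"com.android.vending"}  # Google Play; extend for your fleet


def parse_installers(text):
    """Map package name -> installer package (None when no installer is recorded)."""
    out = {}
    for m in re.finditer(r"^package:(\S+)[ \t]+installer=(\S+)[ \t]*$", text, re.M):
        out[m.group(1)] = None if m.group(2) == "null" else m.group(2)
    return out


def parse_admins(text):
    """Return package names of components listed as enabled device admins."""
    pattern = r"^[ \t]+([\w.]+)/[\w.$]+:[ \t]*$"  # indented "package/Receiver:" lines
    return {m.group(1) for m in re.finditer(pattern, text, re.M)}


def sideloaded_admins(packages_text, policy_text):
    """Device-admin packages whose installer is not a trusted store."""
    installers = parse_installers(packages_text)
    return sorted(p for p in parse_admins(policy_text)
                  if installers.get(p) not in TRUSTED_INSTALLERS)


if __name__ == "__main__":
    for pkg in sideloaded_admins(SAMPLE_PACKAGES, SAMPLE_POLICY):
        print("review:", pkg)
```

Preinstalled system apps can also report no installer, so treat the output as a review list rather than a verdict.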


Comments

    Will I have to install ESET to see if I have it or are there other methods?

      Unless you've recently (in the past 3 months) disabled your "unknown sources" protection and side-loaded Flash Player onto your phone, there's no need to worry.

    The words Malware and Android have become synonymous of late.

    It should serve as a timely reminder to instal Malwarebytes or equivalent on your Android device.

      Nope, it should not. You don't need a virus scanner on Android - just don't be so stupid as to switch off the security safeguards that are there for your protection against this kind of thing.

      Pretty much all of the serious malware infections in the past 2 years - including this one - have only been possible if you're dumb enough to disable the "firewall," accept the big scary warning that it's a dumb thing to do, and side-load an app from a dubious online source.

        I partly agree with you, however, having no virus scanner is a completely dumb idea. Just because Android is a Linux-based OS, it should not be regarded as a secure OS. It has bugs that can be exploited, even if the "security safeguards" are enabled and the user takes caution on what he clicks or opens.

        That risk of your device becoming infected is still there... You shouldn't completely ignore that fact.

    What's missing from here is HOW you get infected, that part is left to the realms of magic.

      It says in the article; distributed via infected applications. This means that if you have installed a suspicious application from the Android Play Store (assuming this malware exists there), or you have side-loaded an application from an unknown source onto your device, the app may be infected. However, no application (to my knowledge so far) can gain device administration privileges without the user granting them first, so if an application asks for these privileges double check to ensure you know exactly why it would need them.

        This malware is not from the Play Store. Users are not at risk unless they've enabled "unknown sources" from the Security settings (which is disabled by default) and side-loaded an application.

        According to the source, it's hidden in infected versions of the Flash Player available on some dodgy sites. Flash Player has been discontinued and hasn't been on the Play Store for years. Phones are infected when the user enables the "unknown sources" security check and side-loads the Flash Player apk file.

        The trojan activates 3 days after installation and hijacks various parts of the system, capturing bank details and even intercepting 2-factor authentication SMS's. It's a very clever bit of programming, but it requires the user to do something seriously dumb so almost everyone is safe.

          See, THIS is the vital info that was SORELY missing from the article.

    As usual, the only way this (or any) malware can infect a user's device is due to their own stupidity (installing shady apps and allowing shady permissions).

      Is this not what "AWESOME OPEN ANDROID" is all about, the freedom to do with your phone as you please... not be locked down like silly iOS?

        Yes it is. Just like I feel I should be free to hand over my banking details to a Nigerian prince should I so choose, I also should be free to install any moronic bit of malware on my phone if I'm stupid enough. Survival of the fittest.

        Just putting back some of the natural selection that universal healthcare has weeded out.
