Most of Australia’s major banks are being targeted by some potentially catastrophic malware on customers’ Android smartphones. Android/Spy.Agent.SI, as it’s been named, locks users’ phones when they open a banking app, redirecting them to a phishing server masquerading as the bank’s official site.
Business Insider reports the research from ESET says that Android/Spy.Agent.SI is targeting major banks within Australia. Westpac, Bendigo Bank, Commonwealth Bank, St. George Bank, National Australia Bank, Bankwest, Me Bank and ANZ Bank are all listed as under threat.
The malware is distributed through infected apps, which then ask for device administrator rights and are allowed access by unsuspecting users into nearly every corner of the Android operating system. From there, Android/Spy.Agent.SI can monitor a device’s phone number, text messages and IMEI data, and can act as a middleman to any banking apps already installed on the phone.
When a banking app is launched, the malware locks any back or home buttons, preventing users from exiting the app until login details are entered — into the fake simalcrum of the sign-in screen overlaid on top of the legitimate app itself. Any two-factor authentication systems are dealt with through the malware’s access to Android text messages, and those authentication messages are deleted once access is surreptitiously granted.
“This is a significant attack on the banking sector in Australia and New Zealand, and shouldn’t be taken lightly,” says Nick FitzGerald, Senior Research Fellow at ESET. “While 20 banking apps have been targeted so far, there’s a high possibility the e-criminals involved will further develop this malware to attack more banking apps in the future.”