Indian Banking Apps Including HDFC, ICICI, & SBI Affected By Android Trojan; Claims Quick Heal Security Labs

A lot of fraudulent activities from ATM machines are being reported wherein without even using the card, the money is taken out. Despite repeated instructions of not sharing PIN and OTP with anyone, the frauds continue. This is because a lot of times your details are traced and replicated elsewhere, making the person to access your bank account. Quick Heal Security Labs, a global IT security firm has revealed, they have discovered an Android Banking Trojan that imitates more than 232 mobile applications and those include Indian banks like SBI, HDFC, ICICI, Axis banks among them.

Researchers informed a malware by the name ‘Android.banker.A2f8a’ is being distributed through a fake Flash Player app on third-party stores. Once this application is downloaded is checks the application installed on the particular phone and looks specifically at the banking apps. Once such a targeted app is found on the phone, the application starts showing fake notifications. The person would then get notifications from their banking application and it will want the user to login with their credentials. So, this information gets stolen along with the password.

The banking application which are majorly affected are- Axis mobile, HDFC Bank MobileBanking, SBI Anywhere Personal, HDFC Bank MobileBanking LITE, iMobile by ICICI Bank, IDBI Bank GO Mobile+, Abhay by IDBI Bank Ltd, IDBI Bank GO Mobile, IDBI Bank mPassbook, Baroda mPassbook, Union Bank Mobile Banking, and Union Bank Commercial Clients.

The defective flash player application keeps running in the background going through the other applications as well. It can create a fake login screen where you put your user ID and password, which is enough to track your transactions and steal money. It is thus advised to keep an up-to-date mobile security application running on your cell phone. One should also avoid downloading the third party stores. According to Quick Heal, this malware can also process commands like sending an SMS, upload contact location, accessibility and GPS permissions etc.

With technology offering comfort, a lot of us tend to use mobile banking applications than going to the bank personally. It is easier, convenient and of course time-saving to use banking applications. But the same technology can get too messy with such malwares. If you are actively using these applications please be careful before you get notifications.