Wednesday, September 18, 2024
HomeMalwareBanking Malware posed as a Popular Social Media App to Steal Financial...

Banking Malware posed as a Popular Social Media App to Steal Financial Data From Online Banking Systems

Published on

Newly discovered Two Android Banking Trojan posed as popular social Media and banking apps to steal the victim’s financial information from online banking and payment systems

Android Banking Trojan’s mainly targeting the financial sector such as bank and other financial institutions and compromising it to steal sensitive information such as username, password and credit card data.

It mimics as popular social media apps such as WhatsApp, Facebook, Skype, Instagram, Twitter and other India based banking apps.

- Advertisement - EHA

Malicious Android Applications are using fake ICON’s to trick users to install it on to the victim’s device.

How Does This Banking Trojan Attack Works

Initially victims download the malicious apps downloaded from third-party app stores or links provided in SMS’s or emails and pornographic websites.

Once it downloads and installed into the vicitms computer the malware gain access to special privileges by forcing the user to select the ‘Activate’ button.

The malicious application requested to Activate the device administrator to gain the complete control of the infection victims device.

If the user will press the CANCEL button, the app will keep asking Press the ACTIVATE  button to gain the special permission as you can see the above Picture.

Also, this malware having a list of apps that imitate as a legitimate apps and search it in the infected victim’s device after gaining the special permission.

According to Quickheal,  if the user opens any of these apps (banking or social media), the Trojan displays a fake window asking for a credit/debit card number. Unless this number is provided, this window prevents the user from accessing the app

Once the infected users will provide a card number and other relevant information that requested by this Trojan, then it will share the gathered information to the attacker via Command & Control server.

Mitigation

  1. Avoid downloading apps from third-party app stores or links provided in SMS or emails.
  2. Always keep ‘Unknown Sources’ disabled. Enabling this option allows installation of apps from third-party sources.
  3. Keep Play Protection service ‘ON’
  4. Verify app permissions before installing any app even from official stores such as Google Play.

Also Read:

Dangerous PANDA Banking Malware Spreads Through Phishing Attacks Targets Banks, Cryptocurrency Sites and Social Media

New Malicious dropper Spreading Dangerous “Bankbot” Banking Malware via Google Play store

New Dangerous Android Permission Security Flaw leads to Ransomware and Banking Malware Attacks

Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Latest articles

Threat Actor Allegedly Selling Bharat Petroleum Database

A threat actor has allegedly put up for sale a database belonging to Bharat...

Chrome 129 Released with Fix for Multiple Security Vulnerabilities

The Chrome team has officially announced the release of Chrome 129, which is now...

VMware vCenter Server Vulnerability Let Attackers Escalate Privileges

VMware has issued a critical security advisory (VMSA-2024-0019) addressing two significant vulnerabilities in its...

CISA Warns of Windows MSHTML & Progress WhatsUp Gold Flaw Exploited Widely

The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent warning regarding two...

Free Webinar

Decoding Compliance | What CISOs Need to Know

Non-compliance can result in substantial financial penalties, with average fines reaching up to $4.5 million for GDPR breaches alone.

Join us for an insightful panel discussion with Chandan Pani, CISO - LTIMindtree and Ashish Tandon, Founder & CEO – Indusface, as we explore the multifaceted role of compliance in securing modern enterprises.

Discussion points

The Role of Compliance
The Alphabet Soup of Compliance
Compliance
SaaS and Compliance
Indusface's Approach to Compliance

More like this

Hackers Exploiting Selenium Grid Tool To Deploy Exploit Kit & Proxyjacker

Two campaigns targeting Selenium Grid's default lack of authentication are underway, as threat actors...

North Korean Hackers Attacking LinkedIn Users to Deliver RustDoor Malware

North Korean hackers have been identified as targeting LinkedIn users to deliver sophisticated malware...

Crimson Palace Returns With New Hacking Tolls And Tactics

Cluster Bravo, despite its brief initial activity, subsequently targeted 11 organizations in the same...