Two new strains of trojan viruses are targeting banking apps on Android smartphones in India, where banks follow two-time user authentication. Now, security experts are warning users as the viruses can bypass two-factor authentication.
Computer security firm Quick Heal on Tuesday, June 12, intercepted Android.Marcher.C and Android.Asacub.T, trojans that are taking advantage of Android device users' social media activities to gain access to their sensitive data. Some banking and social apps like Facebook, WhatsApp, Instagram, Twitter, and Skype have been the subject of the perpetrators' modus operandi behind the malicious software, imitating their notifications to look just like the original ones.
Quick Heal said once the malware gain access to incoming messages, they become capable of cutting short the two-factor authentication method, which normally uses a one-time password or pin, in transactions done online.
To make users believe they are genuine apps, Android.Marcher.C cloaks under the Adobe Flash Player icon while Android.Asacub.T hides as an Android Update icon.
Sanjay Katkar, co-founder and chief technology officer at Quick Heal, said unverified third-party apps and malicious SMS links lay the groundwork for cybercriminals to easily run off with important credentials from unsuspecting victims. Katkar added that cybercriminals are now massively shifting to mobile platforms, given the number of phishing attacks in the last couple of months.
"The fact that we've detected three similar malware in less than six months indicates that hackers are now targeting mobile users, who are far more vulnerable to sophisticated phishing attacks."
Early this year, the company intercepted a malware called "Android.banker.A2f8a" which worked similarly to Android.Marcher.C and Android.Asacub.T. It was propagated through a bogus Flash Player, faking over 232 banking and cryptocurrency apps on Android.
In the meantime, mobile device owners are warned to refrain from downloading apps from unknown sources such as third-party app stores and random email and SMS links. In addition, disabling 'Unknown Sources' from the Settings menu, turning Google Play Protect service on, and double-checking app permissions will greatly help in preventing any malware from exploiting users.