
Dangerous new Android trojan is taking over phones and draining bank accounts — how to stay safe


A new banking Trojan has been pretending to be legitimate apps, like digital ID apps or news readers, in order to trick victims into downloading it so that it can take over their devices and steal the logins for their financial accounts. According to researchers at Cyfirma, these Trojan-filled malicious apps are specifically targeting Android users who have banking and cryptocurrency apps installed.

The malware is not only capable of stealing sensitive financial data off infected devices, but it also works quietly in the background like an infostealer, so it can avoid detection and continue to steal data from victims after the initial heist. Once it’s enabled on one of the best Android phones, it can also take over a device and read whatever is on the screen, tap buttons and even fill in forms. Likewise, it uses fake login screens to perform overlay attacks on top of real banking and cryptocurrency apps in order to steal any usernames and passwords that are entered by the victim.

After an initial check to ensure that it’s running on a real phone, it will ask users for special permissions. Like other Android malware, it abuses the operating system's Accessibility Services to do so, claiming that granting access will help improve the app. However, this actually gives the hackers behind this banking trojan complete control over an infected device while also adding the malware as a device administrator app. This is a common malware tactic, which is exactly why we caution against giving apps permissions that they don’t seem to need and why we say that checking the accessibility services section of your Android phone is a good way to detect potential malware.
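The accessibility check described above can also be run over captured `adb` output. This is an added example, not code from Cyfirma or the article: it takes the output of `adb shell settings get secure enabled_accessibility_services` and `adb shell pm list packages -3` and lists user-installed apps that hold an Accessibility Service, putting those that are also device administrators first. The package names and sample strings are constructed, and the device admin list is assumed to be supplied by the reviewer (for example, copied from the phone's device admin apps screen).

```python
# Added example: triage captured adb output for user-installed apps that hold
# an Accessibility Service, noting which of them are also device admins.
# All sample values below are constructed for illustration.

SAMPLE_A11Y = ("com.example.systemreader/.ScreenReaderService:"
               "com.example.newsreader/.HelperService:"
               "com.example.passwordmgr/.AutofillA11yService")
SAMPLE_PM = ("package:com.example.newsreader\n"
             "package:com.example.passwordmgr\n"
             "package:com.example.game\n")
SAMPLE_ADMINS = ["com.example.newsreader/.AdminReceiver"]  # assumed input


def parse_components(raw):
    """Split the colon-separated 'package/class' list the setting stores."""
    raw = raw.strip()
    if not raw or raw == "null":  # setting is empty or has never been set
        return []
    return [c for c in raw.split(":") if "/" in c]


def parse_third_party(pm_output):
    """Package names from 'pm list packages -3' ('package:<name>' lines)."""
    return {line.split(":", 1)[1].strip()
            for line in pm_output.splitlines()
            if line.startswith("package:")}


def triage(a11y_raw, pm_output, admin_components=()):
    """Return user-installed accessibility services for manual review."""
    third_party = parse_third_party(pm_output)
    admin_pkgs = {c.split("/", 1)[0] for c in admin_components}
    findings = []
    for comp in parse_components(a11y_raw):
        pkg = comp.split("/", 1)[0]
        if pkg in third_party:  # preinstalled services are skipped
            findings.append({"package": pkg, "service": comp,
                             "device_admin": pkg in admin_pkgs})
    # Apps holding both privileges sort first: that pairing is what the
    # article describes the trojan requesting.
    return sorted(findings,
                  key=lambda f: (not f["device_admin"], f["package"]))


if __name__ == "__main__":
    for f in triage(SAMPLE_A11Y, SAMPLE_PM, SAMPLE_ADMINS):
        flag = "ACCESSIBILITY + DEVICE ADMIN" if f["device_admin"] else "accessibility"
        print(f"{flag:30} {f['service']}")
```

A hit is a prompt for review rather than a verdict, since legitimate apps such as password managers also use Accessibility Services.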

Researchers say the majority of the activity they have seen from this malware is in Southeast Asia, but there’s no reason that these techniques couldn’t be used in any other country or area.

How to stay safe from Android malware


In order to protect your data and your devices from malware, the first thing you want to do is to stick to trusted sources and make sure that you're only downloading apps, especially VPNs and streaming services, from first-party app stores like the Google Play Store or from known developer sites. Never install something from a link in a forum or message sent via social media.

From there, you want to check the permissions requested by an app anytime a new one you've installed asks for control over your device, settings, accessibility services, or if it wants to install other apps. Stop and ask if it's necessary. Does it need those permissions and what do you expect it to do with them?

You also want to use layered and up-to-date protection, which is why I recommend installing one of the best Android antivirus apps on your phone alongside Google Play Protect. These security apps can scan for malware, dodgy downloads and any suspicious activity taking place on your device. You always want to keep your security software and your operating system up to date because that ensures that all the vulnerabilities that attackers could exploit are patched promptly.

Given that we now handle so much of our finances from our mobile devices, hackers likely won't stop developing new banking trojans and using them in their attacks anytime soon. That's why it's up to you to lock down your devices while also being extra careful online.



Amber Bouman
Senior Editor Security

Amber Bouman is the senior security editor at Tom's Guide where she writes about antivirus software, home security, identity theft and more. She has long had an interest in personal security, both online and off, and also has an appreciation for martial arts and edged weapons. With over two decades of experience working in tech journalism, Amber has written for a number of publications including PC World, Maximum PC, Tech Hive, and Engadget covering everything from smartphones to smart breast pumps. 
