Millions of customers of Australia’s largest banks are the target of a sophisticated Android malware attack that steals banking details and thwarts two-factor authentication security.
Commonwealth Bank, Westpac, National Australia Bank and ANZ Bank customers are all at risk from the malware, which hides on infected devices and waits until users open legitimate banking apps. The malware then superimposes a fake login screen over the top of the app in order to capture usernames and passwords.
The malware is designed to mimic 20 mobile banking apps from Australia, New Zealand and Turkey, as well as login screens for PayPal, eBay, Skype, WhatsApp and several Google services.
Apart from Australia’s Big Four banks, it targets a range of other financial institutions including Bendigo Bank, St. George Bank, Bankwest, ME Bank, ASB Bank, Bank of New Zealand, Kiwibank, Wells Fargo, Halkbank, Yapı Kredi Bank, VakıfBank, Garanti Bank, Akbank, Finansbank, Türkiye İş Bankası and Ziraat Bankası.
Along with stealing login details, the malware can also intercept two-factor authentication codes sent to the phone via SMS, forwarding the code to hackers while hiding it from the owner of the phone. With access to this information, thieves can bypass a bank’s security measures to log into the victim’s online banking account from anywhere in the world and transfer funds.
Infected Android devices include ‘Flash Player’ in the list of device administrators found under the Settings > Security > Device Administrators menu. Attempting to remove Flash Player from this list generates a bogus alert warning that data may be lost, but it is safe to press OK. Once its device administrator rights are disabled, it is possible to uninstall the malware via Settings > Apps/Application manager > Flash Player > Uninstall.
In some cases the malware superimposes a fake warning over the Device Administration list to prevent deactivation. The solution is to restart the Android device in Safe Mode, which restarts the device with all installed apps disabled, preventing the malware from blocking access to the Device Administration list. Safe Mode is accessed in different ways on different devices, so consult your manual or a support website.
The latest Android malware attack comes as Google steps up its efforts to block websites containing bogus advertisements and pop-ups, which often link to malware. These bogus messages often insist that visitors must install extra media player software, or update existing software such as Adobe Flash, in order to watch online video.