Android bank app users targeted in sophisticated cybercrime attack
Millions of customers of Australia's largest banks have been the target of a sophisticated cybercrime operation.
- Millions of customers of Australia's largest banks have been targeted by a sophisticated malware attack.
- The virus presents a fake version of the login screen when an Android user accesses their banking app.
- Experts believe it is likely we will see more Android banking malware in the future.
The criminals attacked customers with Android mobile phones by stealing bank details and thwarting security systems.
While millions of customers are potentially at risk, cyber experts said they cannot be sure how many people have been affected.
Digital protection company ESET discovered the new malware, known as Android/Spy.Agent.SI, which presents a fake version of the login screen when an Android user accesses their legitimate banking application.
Nick FitzGerald, a senior research fellow at ESET, said this malware attack is highly dangerous.
"This one is significantly attacking two-factor authentication systems, which are increasingly being used in online banking apps as a mechanism to protect users from simple phishing schemes that we've seen in the past," he said.
The major banks potentially affected include Commonwealth, Westpac, National Australia Bank and ANZ.
Attack 'not massive' but an ominous sign
The malware is designed to mimic 20 mobile banking apps from Australia, New Zealand and Turkey and also mocks the login screens for PayPal, Skype, eBay and WhatsApp.
"The malware concerned here intercepts the user's username and password or account number and password, whatever it is that they normally have to put in when they log into their banking," Mr FitzGerald said.
"And then, if the bank that they're logging into uses a two factor authentication system that sends a token via an SMS message to the registered cell phone of the account that is logging in, this Android banking Trojan intercepts the arrival of that text message and will send the contents of that to the bad guys."
However, he said in terms of scale, the attack is not massive.
"We're not seeing a large amount of this happening, but the fact that the bad guys behind this are now attacking the two-factor authentication mechanisms used by these banks means that it's very likely that we'll see more Android banking Trojan software, malware, and possibly smaller sorts of malware for other platforms doing this in the future."
Only download from trusted app stores
A Google spokesperson told PM that Android users should not install any apps from the internet.
"It's important to only install applications from sources you trust," Google said in a statement.
"Over 1 billion devices are protected with Google Play which conducts 200 million security scans of devices per day."
The Commonwealth Bank agreed, saying in a statement that they recommend their customers only install apps from trusted Android app stores.
"Our monitoring and detection systems have not seen any increase in threats to our customers as a result of these reports," the statement said.
"Protecting the privacy and security of our customers is extremely important to us.
"We take a number of steps to protect our customers, including having world-class security capabilities and teams of experts dedicated to protecting customer information.
"We also provide our customers a 100 per cent security guarantee for all customers using the CommBank app or NetBank."
The banks said their customers should review all permissions for apps they install and avoid installing apps from any links or pop-ups.
Keep in-built security measures
Mr FitzGerald said the most important thing is that people do not disable the built-in security on their Android smartphones.
"By default, Android devices don't let you install apps from third party app stores, they only let you install apps from the Google Play store," he said.
"And this malware can't normally get on your phone unless you have disabled that."
Source: ABC News