New Android Banking Malware Steals Login Credentials From Financial Apps

Banking malware is a significant threat to consumers all over the world. Criminals are stepping up their game by not only targeting PC users, but also going after mobile device owners. A new malicious Android Flash Player app is spreading new banking malware on a very large scale. Once the software is installed, the toolkit will extract credit card information, and even bypass 2FA security.

Another Malware Attack Against Android Users

It is not the first nor the last time Android users will be targeted by criminals. After all, Android remains the most popular mobile operating system in the world today. As adoption of mobile devices continues to increase, the number of potential cyber crime victims goes up as well. Mainly users conducting financial transactions on their mobile devices are of high value to criminals right now.

One thing the Android operating system lacks is a Flash player. That is not entirely surprising, as Flash is both vulnerable to cyber attacks, and has become obsolete in recent years. Unfortunately, some video content requires a Flash player, which forces Android users to circumvent this problem. A new type of malicious Flash Player app is making the rounds, which disguises its banking malware payload.

So far, it remains unclear how many devices have been infected with this banking malware. Security researchers did point out some of the more prominent financial institutions that are being targeted. As far as the distribution of this fake Android Flash player is concerned, all signs point towards third-party APK files being hosted on various websites.




What is rather worrisome is how much damage this APK file can do. Stealing login credentials from banking apps is just the tip of the iceberg. It is also capable of intercepting SMS communication and bypassing two-factor authentication. Do keep in mind, though, that the latter is only possible when relying on SMS-based 2FA.

As soon as users have installed the fake Flash player, they will be tricked into granting it root privileges. Once this has been done, the malware starts running in the background, and cannot be interrupted through traditional means. Uninstalling the app is not possible, although users can revoke its administrator rights by going into the device’s security settings.

The collection of credit card information occurs by showing a screen overlay on top of existing applications. The malware can verify the entered information through a centralized command-and-control server. Entering credit card data should be avoided at all costs, through, as this data will be either sold on the deep web or abused by making fraudulent purchases.

If you liked this article, follow us on Twitter @themerklenews and make sure to subscribe to our newsletter to receive the latest bitcoin, cryptocurrency, and technology news.