An Android malware is reportedly targeting over 232 banking apps including a few banks in India.
The report lists a number of targeted banking apps which, includes Axis Mobile, HDFC Bank MobileBanking, SBI Anywhere Personal, HDFC Bank MobileBanking LITE, iMobile by ICICI Bank, IDBI Bank GO Mobile+, Abhay by IDBI Bank, IDBI Bank GO Mobile, IDBI Bank mPassbook, Baroda mPassbook, Union Bank Mobile Banking and Union Bank Commercial Clients.
In order to display the Uber screen where users can order a ride, the malware uses what is called a deep link URL from the legitimate app that contains information about the user's Ride Request activity. The Flash Player app is a popular target for cybercriminals due to its prevalence. To avoid suspicion, which might prompt a password change, Fakeapp then deep links to the actual Uber app. Once administrative rights are obtained, the trojan scans the device for as many as 232 banking and cryptocurrency apps. If it accesses any of these apps from a user's smartphone, it generates a fake notification sent on behalf of the banking app. Just like the real version, this app has fields which users can use to enter their phone number and Uber password.
Fake Uber login screens
"This case again demonstrates malware authors' never-ending quest for finding new social engineering techniques to trick and steal from unwitting users", the company added.
When the user enters the information, it isn't actually providing it to Uber; the malware is using the fake interface to steal the login information from the victim. Using this method, they will steal the complete information like login ID and passwords. And even if the user denies the request or kills the process, the app will keep throwing continuous pop-ups until the user activates the admin privilege. Hence it can get the OTP even though if we have kept two-factor authentication to our bank account.
A representative from Uber warns users to only download trusted apps from the Google Play store, since this "phishing" app requires the user to download and install it in the first place in order for it to be able to work. And, any OS or app updates should be installed as they're released.