New Android malware targeting bank details – here’s how to protect yourself

There’s a new Android Trojan doing the rounds, and this time, it’s after banking details – targeting customers of banks across the US and Europe.

The malware looks like a Flash Player app, and is considered to be highly dangerous as it has the ability to bypass two-factor authentication via SMS.

Banks such as Santander, Paypal, and Wells Fargo are reportedly among the more than 90 banks being targeted by the malware.

Related: Best antivirus

Fortinet security researcher Kai Lu told the International Business Times: “Active users of mobile banking apps should be aware of a new Android banking malware campaign targeting customers of large banks in the United States, Germany, France, Australia, Turkey, Poland, and Austria.

“This banking malware can steal login credentials from 94 different mobile banking apps.”

The app works by displaying an overlay on top of other apps, restarting whenever a user clicks the ‘cancel’ button, eventually forcing them to tap on the ‘activate’ option.

This apparently grants the malware full device administrator rights, while it remains active in the background even after the Flash Player icon is hidden from the launcher.

Once installed, the app can intercept SMS messages, which means it can bypass two factor authentication set up by banks to increase security.

What’s more, once it’s been installed the app has a so-called ‘self-defence’ mechanism which stops the malware from being uninstalled.

Users affected by the Trojan will see a fake login window that asks for login credentials for apps, which, once entered, are sent to the app’s command and control centre.

If you’ve been duped by the malicious software, the first thing to try is to uninstall it manually by going to settings>security>device administrators and tapping on Google Play Services.

From here, you should be able to tap on a Deacticate option, then head to settings>apps>Flash Player Update and tap on Uninstall.

Of course, if you think your bank details have been stolen via the malware, you should contact your bank immediately.

Watch The Refresh: The best tech gossip and reviews every week

Let us know if you’ve been affected in the comments.

Unlike other sites, we thoroughly review everything we recommend, using industry standard tests to evaluate products. We’ll always tell you what we find. We may get a commission if you buy via our price links. Tell us what you think – email the Editor