Sophisticated malware detected that steals online banking passwords, thwarts text authentication
March 10, 2016
Shah Sheikh

New malware that targets mobile banking apps of Australia’s big banks has been detected.

The sophisticated virus infects Android users and can steal password details and even thwart two-factor authentication.

In a concerning discovery for mobile bankers, ESET security systems found that the malware works by presenting victims with a fake version of the login screen when they access their legitimate banking application.

When customers log in, they are unwittingly met with the fake page to input their passwords. Creators of the malware are then able to steal these details and access the account remotely to transfer money out.

Customers of Commonwealth Bank, Westpac, ANZ and the National Australia Bank are all vulnerable to the malware, which can hide on a person’s device until they use the banking app.

In addition to stealing the login details of customers, thieves can also intercept verification text messages sent to the device, allowing them to thwart extra security measures put in place by the banks.

“This allows SMS-based two-factor authentication of fraudulent transactions to be bypassed, without raising the suspicions of the device’s owner,” ESET malware researcher Lukas Stefanko said in a statement.

The malware is believed to have been developed in recent years from more primitive versions, to get to its current level of sophistication. The malware is reportedly designed so it can target multiple banks in Australia, New Zealand and Turkey.

“The attack has been massive and it can be easily refocused to any other set of target banks,” Mr Stefanko said.

BankWest, Bendigo Bank, St George Bank, Bank of New Zealand, Wells Fargo and Kiwibank are also among the list of vulnerable banks.

According to ESET, the Trojan spreads as an imitation of the Flash Player video application either installed from an infected website or via a predatory text message. Once it has been installed on the phone, the bogus app requests device administrator rights. If granted by the user, the malware then checks to see if any target banking applications are installed on the device. It then receives the fake login screens for each banking app on the phone, which will appear the next time the user logs in.

Cyber security expert Matthew Warren said the malware comes as no surprise.

“It’s an ongoing problem with Android devices, because of the open source nature of the platform… There’s been a number of malware aimed at banking apps,” he told

Unlike Apple, for instance, which only allows users to download apps from its controlled App Store, Android users can download apps from anywhere.

Malware attacks such as this latest one are known as “spear phishing attacks” and “are an extension of the weakness of the Android platform,” Mr Warren said.

He said Android users should ensure they have malware protection software installed on their device if they’re using banking apps.

Users who believe they are infected by the malware can remove it from the device by first deactivating administrator rights for the app: go to Settings > Security > Device administrators > Flash Player > Deactivate.

From there, users can uninstall the malware app in settings.
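
For administrators checking many handsets, the signs described above can be turned into a simple triage rule. The Python below is an added example, not code from ESET or the original article: it flags any app that was installed from outside the official store and also holds device administrator rights, then prints the two removal steps given above. The inventory records, their field names and the `com.example.*` package names are constructed for illustration.

```python
import re

PLAY_STORE = "com.android.vending"  # installer package name of Google Play
FLASH_LABEL = re.compile(r"flash\s*player", re.IGNORECASE)

# Constructed inventory for one handset; field and package names are hypothetical.
SAMPLE_INVENTORY = [
    {"package": "com.example.bank", "label": "Example Bank",
     "installer": PLAY_STORE, "device_admin": False, "banking": True},
    {"package": "com.example.fplayer", "label": "Flash Player",
     "installer": None, "device_admin": True, "banking": False},
    {"package": "com.example.mdm", "label": "Work Policy",
     "installer": PLAY_STORE, "device_admin": True, "banking": False},
    {"package": "com.example.game", "label": "Puzzle",
     "installer": None, "device_admin": False, "banking": False},
]

def triage(inventory):
    """Return findings for suspicious apps, highest score first."""
    banking_present = any(app["banking"] for app in inventory)
    findings = []
    for app in inventory:
        sideloaded = app["installer"] != PLAY_STORE
        # Only the combination the article describes counts as a finding:
        # a sideloaded app that was also granted device administrator rights.
        if not (sideloaded and app["device_admin"]):
            continue
        reasons = ["not installed from the official store",
                   "holds device administrator rights"]
        if FLASH_LABEL.search(app["label"]):
            reasons.append("label imitates Flash Player")
        # A banking app on the same handset raises the priority.
        score = len(reasons) + (1 if banking_present else 0)
        steps = [
            "Settings > Security > Device administrators > "
            f"{app['label']} > Deactivate",
            f"Uninstall {app['package']} in settings",
        ]
        findings.append({"package": app["package"], "score": score,
                         "reasons": reasons, "steps": steps})
    return sorted(findings, key=lambda f: f["score"], reverse=True)

if __name__ == "__main__":
    for finding in triage(SAMPLE_INVENTORY):
        print(finding["package"], finding["score"], "; ".join(finding["reasons"]))
        for number, step in enumerate(finding["steps"], 1):
            print(f"  {number}. {step}")
```

The store-installed administrator app and the sideloaded game are deliberately not flagged, since neither matches the full pattern.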
