Indian IT solutions provider and anti-virus vendor Quick Heal has identified a new malware which is targeting banking apps on Android devices. The Android Banking Trojan targets over 232 banking apps, including those offered by Indian banks.

The malware, dubbed Android.banker.A9480, is capable of stealing the user’s login credentials, hijacking SMSs, and uploading the contact lists and SMSs to a malicious server. The malware also displays an overlay screen on top of legitimate apps in order to capture the login details of unsuspecting users.

Quick Heal reports that the Android banking malware is being distributed via a fake Adobe Flash Player app on third-party stores and due to the popularity of the Flash Player the malware is spreading at a rapid pace. Once the fake Flash Player app is installed on a user’s device, it requests the user to activate administrative rights. Even if the user rejects the request, the app keeps generating pop-ups until the user grants administrative privileges.

As soon as the administrative privileges are granted, the app hides its icon from the app drawer. The app works in the background and keeps checking the user’s device for banking and cryptocurrency apps. If the user has installed one of the 232 apps listed by Quick Heal, the app shows a fake notification on behalf of the targeted app. Upon clicking on the notification, users are greeted with a fake login screen of the targeted app which captures the user’s login credentials as soon as they’re entered.

Below is a list of all targeted banking apps in India:

  • Axis Mobile
  • HDFC Bank MobileBanking
  • SBI Anywhere Personal
  • HDFC Bank MobileBanking LITE
  • iMobile by ICICI Bank
  • IDBI Bank GO Mobile+
  • Abhay by IDBI Bank Ltd
  • IDBI Bank GO Mobile
  • IDBI Bank mPassbook
  • Baroda mPassbook
  • Union Bank Mobile Banking
  • Union Bank Commercial Clients

Other than popular banking and cryptocurrency apps, the malware is also capable of emulating other popular apps like Amazon Shopping, Airbnb, eBay, etc. to steal the user’s credentials. Quick Heal claims its Total Security anti-virus for mobile can successfully detect the app and the company has advised users to be wary of fake Adobe Flash Player apps, and apps from third-party stores in general.