New Android Malware Could Steal Sensitive Information

  • CERT Admin
  • Sat May 02 2020
  • Alerts

Threat Level 

High 

Overview 

A new malware type that is abusing slcerts accessibility feature to capture sensitive financial data from victims devices has been identified. 

Description 

Malware is targeting over 200 financial applications including banking, money transfer services and crypto-currency wallets such as PayPal, Barclays, HSBC and Capital-One etc. This Malware is capable of reading user SMS messages in order to hijack SMS-based two factor authentication. This Malware campaign was first identified in March 2020 and it masks its malicious intent by pretending to be a legitimate application such as Adobe flash, Microsoft Word etc.  

Impact 

  ✻  Risk of Exposure of your personal information
  ✻  Financial loss
  ✻  Malware distribution  

Solution/ Workarounds 

  ✻  Use official google store to download application
  ✻  Read comment section before downloading the application to check the credibility
  ✻  Enable Google Play protect  

References 

  ✻  https://thehackernews.com/2020/04/android-banking-keylogger.html 

Disclaimer 

The information provided herein is on "as is" basis, without warranty of any kind. 

Last updated: Sat May 02 2020