The QuickHeal security lab in Pune has detected two banking Trojans specifically designed to steal users' financial or banking data from smartphones.
IT security solutions provider QuickHeal has detected Trojan malware and viruses that steal sensitive financial data from banking apps on a smartphone. Considering the high number of financial transactions and actions taking place online, this new development is worth noting.
QuickHeal's security lab in Pune, India has detected two banking Trojans specifically designed to steal users' financial or banking data from smartphones. QuickHeal shared a blog post about these Trojans and how to detect such malicious apps on a smartphone.
What is a banking Trojan?
A banking Trojan steals a user's banking data via an app or software. This data could include the user's auto-saved bank passwords and login credentials, and even the user's visits to banking sites and other banking-related activity.
Information on Banking Trojans detected by Quick Heal
QuickHeal's lab has discovered two apps from the Play Store that steal user data from a smartphone. The first app uses the Adobe Flash Player icon, and the second goes by the name "update". These apps trick users with official-looking names and icons.
How do these Trojans work?
When a user installs such an app from the Google Play Store, the app asks the user to grant a few permissions, including device administrator rights. These rights include changing the device password, setting password rules, locking the screen and much more.
Even if the user selects 'cancel' to deny the permission, the request pops up again and again until it is granted. Some users may uninstall the app, but others give in and grant the permissions. The Trojan-embedded app then waits for the user to launch a banking app on the phone, and when that happens, the Trojan automatically starts working in the background. In some cases, a fake window asking for credit/debit card details for a donation may appear. If the user logs in, the Trojan sends the login information to a server controlled by the attacker. Once collected, these details can be misused.
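The device administrator request described above is visible in an app's decoded `AndroidManifest.xml` and its device-admin policy file (for instance after unpacking with apktool). The following triage check is an added example, not code from QuickHeal's post: it flags an app that declares a device-admin receiver while using one of the two names the article reports. The sample XML, package and receiver names are constructed, and matching on a literal label is an assumption, since real apps often reference a string resource instead.

```python
import xml.etree.ElementTree as ET

A = "{http://schemas.android.com/apk/res/android}"
LURE_LABELS = {"adobe flash player", "update"}   # names the article reports
RISKY = {"reset-password", "limit-password", "force-lock"}  # rights the article lists

# Constructed sample input (not taken from the real apps).
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.constructed">
  <application android:label="Adobe Flash Player">
    <receiver android:name=".AdminRcv"
        android:permission="android.permission.BIND_DEVICE_ADMIN">
      <meta-data android:name="android.app.device_admin"
          android:resource="@xml/policies"/>
      <intent-filter>
        <action android:name="android.app.action.DEVICE_ADMIN_ENABLED"/>
      </intent-filter>
    </receiver>
  </application>
</manifest>"""
SAMPLE_POLICIES = """<device-admin xmlns:android="http://schemas.android.com/apk/res/android">
  <uses-policies><reset-password/><limit-password/><force-lock/></uses-policies>
</device-admin>"""

def admin_receivers(manifest_xml):
    """Names of receivers that can be activated as a device administrator."""
    found = []
    for rcv in ET.fromstring(manifest_xml).iter("receiver"):
        guarded = rcv.get(A + "permission") == "android.permission.BIND_DEVICE_ADMIN"
        actions = {a.get(A + "name") for a in rcv.iter("action")}
        if guarded and "android.app.action.DEVICE_ADMIN_ENABLED" in actions:
            found.append(rcv.get(A + "name"))
    return found

def triage(manifest_xml, policies_xml):
    """Flag an app that pairs a lure label with device-admin rights."""
    app = ET.fromstring(manifest_xml).find("application")
    label = (app.get(A + "label") or "") if app is not None else ""
    policies = {p.tag for up in ET.fromstring(policies_xml).iter("uses-policies") for p in up}
    receivers = admin_receivers(manifest_xml)
    lure = label.strip().lower() in LURE_LABELS
    return {"label": label, "admin_receivers": receivers,
            "risky_policies": sorted(policies & RISKY),
            "suspicious": bool(receivers) and lure}

if __name__ == "__main__":
    print(triage(SAMPLE_MANIFEST, SAMPLE_POLICIES))
```

A hit is a reason to review the app by hand, not a verdict: legitimate device-management apps also register device-admin receivers.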