New Delhi, Jan 4: The IT solutions company Quick Heal technologies on Thursday said it has detected an Andriod malware which targeted 232 Indian banking apps. The malware, named Android.banker.A2f8a, is designed for stealing login credentials, hijacking SMSs, uploading contact lists and SMS on a malicious server. The company, in a blog, stated that it was being distributed through a fake Flash Player app on third-party stores.Also Read - Technology Tips And Tricks: How To Copy Paste Between Android and Windows, Watch Video To Know

“If any one of the targeted apps is found on the infected device, the app shows a fake notification on behalf of the targeted banking app. If the user clicks on the notification, they are shown a fake login screen to steal the user’s confidential info like net banking login ID and password,” said Bajrang Mane from Quick Heal. Also Read - Microsoft Office Gets Dark Mode For Android Users

Here are some of the targeted baking apps in India: Also Read - Twitter Starts Rolling Out Spaces on Android in India, Know All About The Audio Chat Tool

-axis.mobile (Axis Mobile)
-snapwork.hdfc (HDFC Bank MobileBanking)
-sbi.SBIFreedomPlus (SBI Anywhere Personal)
-hdfcquickbank (HDFC Bank MobileBanking LITE)
-csam.icici.bank.imobile (iMobile by ICICI Bank)
-snapwork.IDBI (IDBI Bank GO Mobile+)
-idbibank.abhay_card (Abhay by IDBI Bank Ltd)
-com.idbi (IDBI Bank GO Mobile)
-idbi.mpassbook (IDBI Bank mPassbook)
-co.bankofbaroda.mpassbook (Baroda mPassbook)
-unionbank.ecommerce.mobile.android (Union Bank Mobile Banking)
-unionbank.ecommerce.mobile.commercial.legacy (Union Bank Commercial Clients)

Here are the targeted crypto-currency apps:

-bitfinex.bfxapp (Bitfinex)
-veken0m.cavirtex (Bitcoinium)
-brothas.mtgoxwidget (Bitcoin Ticker Widget)
-master.cointransaction (Bitcoin/Altcoin chart, alarm, ticker)
-leowandersleb.bitcoinsw (Flux Bitcoin Widget)
-ozgur.btcprice (Bitcoin Price)
-coinprices.allexchanges (Crypto Prices All-in-One)
-blockchain.android (Blockchain – Bitcoin & Ether Wallet)
-blockchain.merchant (Blockchain Merchant)
-hyperwallet.wubsprepaid (WUBS Prepaid)
-blocktrail.mywallet (BTC.com – Bitcoin Wallet)
-claimyourbits.btcsafari (BTC SAFARI – Free Bitcoin)
-handyapps.bitcoinpriceiq (Bitcoin Price IQ)
-schildbach.wallet (Bitcoin Wallet)
-blockfolio.blockfolio (Blockfolio Bitcoin / Altcoin App)
-org.freewallet.app (Bitcoin Wallet by Freewallet)
-bitcoin.crane.money (Bitcoin NewsCrane)
-coinmarketapp.app (Bitcoin CoinMarketCap.com (unofficial) / Altcoin)
-coinpayments.coinpaymentsapp (CoinPayments)
-org.freewallet.app (Bitcoin Cash Wallet by Freewallet)
-cenci7.coinmarketcapp (CoinMarketCapp – Blockchain Cryptocurrencies)
-benzneststudios.cryptostory (CryptoStory – Cryptocurrency Portfolio)
-langerhans.wallet (Dogecoin Wallet)

Here are other banking apps that are targeted by the malware:

-sberbankmobile
-sberbank.spasibo
-sberbank_sbbol
-sberbank.mobileoffice
-sberbank.sberbankir (Sberbank IR)
-alfabank.mobile.android
-alfabank.oavdo.amc
-st.alfa
-alfabank.sense
-alfadirect.app (Alfa-Direct)
-mw (Visa QIWI Wallet)
-raiffeisennews
-idamob.tinkoff.android (Tinkoff)
-tcsbank.c2c (Card 2 Card)
-tinkoff.mgp (Tinkoff Play: apply for a card)
-tinkoff.sme
-tinkoff.goabroad (FSSP FNS Russia)
-webmoney.my (WebMoney Keeper)
-rosbank.android (ROSBANK Online)
-vtb24.mobilebanking.android
-bm.mbm
-vtb.mobilebank (VTB Mobile)
-bssys.VTBClient (Mobile Client VTB)
-bssys.vtb.mobileclient (MobileClientVTB)
-simpls.mbrd.ui
-yandex.money
-simpls.brs2.mobbank
-akbank.android.apps.akbank_direkt (Akbank Direkt)
-akbank.android.apps.akbank_direkt_tablet (Akbank Direkt Tablet)
-akbank.softotp
-fragment.akbank
-ykb.android
-ykb.android.mobilonay
-ykb.avm
-ykb.androidtablet
-veripark.ykbaz
-softtech.iscek
-yurtdisi.iscep
-softtech.isbankasi
-monitise.isbankmoscow
-finansbank.mobile.cepsube
-enpara
-magiclick.FinansPOS (FinansPOS)
-matriksdata.finansyatirim (QNB Finansinvest)
-enpara.sirketim
-vipera.ts.starter.QNB (QNB Mobile)
-redrockdigimark (QNB National Day)
-garanti.cepsubesi (Garanti Mobile Banking)
-garanti.cepbank
-garantibank.cepsubesiro (GarantiBank)
-matriksdata.finansyatirim (QNB Finansinvest)
-mobinex.android.apps.cep_sifrematik
-garantiyatirim.fx (Garanti FX Trader)
-tmobtech.halkbank (Halkbank Mobil)
-SifrebazCep
-newfrontier.iBanking.mobile.Halk.Retail (Halkbank Mobile App)
-com.tradesoft.tradingsystem.gtpmobile.halk (Halk Trade)
-DijitalSahne.EnYakinHalkbank (Halkbank Nerede)
-ziraat.ziraatmobil (Ziraat Mobil)
-ziraat.ziraattablet (Ziraat Tablet)
-matriksmobile.android.ziraatTrader (Ziraat Trader)
-matriksdata.ziraatyatirim.pad (Ziraat Trader HD)
-comdirect.android (comdirect mobile App)
-commerzbanking.mobil (Commerzbank Banking App)
-consorsbank (Consorsbank)
-db.mm.deutschebank
-dkb.portalapp (DKB-Banking)
-de.dkb.portalapp
-ing.diba.mbbr2 (ING-DiBa Banking + Brokerage)
-postbank.finanzassistent (Postbank Finanzassistent)
-santander.de (Santander MobileBanking)
-fiducia.smartphone.android.banking.vr
-creditagricole.androidapp
-axa.monaxa
-banquepopulaire.cyberplus
-bnpparibas.mescomptes
-boursorama.android.clients
-caisseepargne.android.mobilebanking
-lcl.android.customerarea
-paypal.android.p2pmobile
-wf.wellsfargomobile
-wf.wellsfargomobile.tablet
-wellsFargo.ceomobile
-usbank.mobilebanking
-usaa.mobile.android.usaa
-suntrust.mobilebanking
-moneybookers.skrillpayments.neteller
-moneybookers.skrillpayments
-clairmail.fth
-konylabs.capitalone
-yinzcam.facilities.verizon
-chase.sig.android
-infonow.bofa
-bankofamerica.cashpromobile
-co.bankofscotland.businessbank
-grppl.android.shell.BOS
-rbs.mobile.android.natwestoffshore
-rbs.mobile.android.natwest
-rbs.mobile.android.natwestbandc
-rbs.mobile.investisir
-phyder.engage
-rbs.mobile.android.rbs
-rbs.mobile.android.rbsbandc
-co.santander.santanderUK
-co.santander.businessUK.bb
-sovereign.santander
-ifs.banking.fiid4202
-fi6122.godough
-rbs.mobile.android.ubr
-htsu.hsbcpersonalbanking
-grppl.android.shell.halifax
-grppl.android.shell.CMBlloydsTSB73
-barclays.android.barclaysmobilebanking
-ing.mobile (ING Bankieren)
-csob.smartbanking
-sberbankcz (Smart Banking)
-sporoapps.accounts
-sporoapps.skener (Platby)
-cleverlance.csas.servis24 (SERVIS 24 Mobilni banka)
-westpac.bank,nz.co.westpac
-com.suncorp.SuncorpBank (Suncorp Bank)
-stgeorge.bank (St.George Mobile Banking)
-banksa.bank (BankSA Mobile Banking)
-com.newcastlepermanent (NPBS Mobile Banking)
-com.nab.mobile (NAB Mobile Banking)
-com.mebank.banking (ME Bank)
-com.ingdirect.android (ING Australia Banking)
-be (ING Smart Banking)
-imb.banking2 (IMB.Banking)
-fusion.ATMLocator (People’s Choice Credit Union)
-com.cua.mb (CUA)
-commbank.netbank (CommBank)
-cba.android.netbank (CommBank app for tablet)
-citibank.mobile.au (Citibank Australia)
-citibank.mobile.uk (Citi Mobile UK)
-citi.citimobile
-bom.bank (Bank of Melbourne Mobile Banking)
-bendigobank.mobile (Bendigo Bank)
-doubledutch.hvdnz.cbnationalconference2016 (CB Conference 2017)
-com.bankwest.mobile (Bankwest)
-bankofqueensland.boq (BOQ Mobile)
-anz.android.gomoney (ANZ goMoney Australia)
-anz.android
-anz.SingaporeDigitalBanking
-anzspot.mobile
-crowdcompass.appSQ0QACAcYJ (ANZ Investor Tour)
-arubanetworks.atmanz (Atmosphere ANZ)
-quickmobile.anzirevents15 (ANZ Investor Relations Events)
-volksbank.volksbankmobile (Volksbank Banking)
-fiducia.smartphone.android.banking.vr (VR-Banking)
-volksbank.android
-secservizi.mobile.atime.bpaa (Volksbank per tablet)
-fiducia.smartphone.android.securego.vr (VR-SecureGo)
-isis_papyrus.raiffeisen_pay_eyewdg (Raiffeisen ELBA)
-easybank.mbanking (easybank)
-easybank.tablet (easybank app)
-easybank.securityapp (easybank Security App)
-bawag.mbanking (BAWAG P.S.K.)
-bawagpsk.securityapp (BAWAG P.S.K. Security App)
-psa.app.bawag (BAWAG P.S.K. SmartPay)
-pozitron.iscep
-vakifbank.mobile
-pozitron.vakifbank
-starfinanz.smob.android.sfinanzstatus (Sparkasse Ihre mobile Filiale)
-starfinanz.mobile.android.pushtan (S-pushTAN)
-entersekt.authapp.sparkasse (S-ID-Check)
-starfinanz.smob.android.sfinanzstatus.tablet
-starfinanz.smob.android.sbanking (Sparkasse+ Finanzen im Griff)
-palatine.android.mobilebanking.prod (ePalatine Particuliers)
-laposte.lapostemobile (La Poste – Services Postaux)
-laposte.lapostetablet (La Poste HD – Services Postaux)
-cm_prod.bad
-cm_prod.epasal (Epargne Salariale CM)
-cm_prod_tablet.bad
-cm_prod.nosactus
-societegenerale.mobile.lappli
-bbva.netcash (BBVA net cash)
-bbva.bbvacontigo (BBVA | Spain)
-bbva.bbvawallet (BBVA Wallet | Spain)
-bancosantander.apps (Santander)
-santander.app (Santander Brasil)
-cm.android (Bankia)
-cm.android.tablet (Bankia Tablet)
-bankia.wallet (Bankia Wallet)

Other targeted apps:

-amazon.mShop.android.shopping (Amazon Shopping)
-amazon.windowshop (Amazon for Tablets)
-ebay.mobile (eBay: Buy & Sell. Explore Discount Shopping Deals)
-airbnb.android (Airbnb)
-scores365 (365Scores: Sports Scores Live)
-pyrsoftware.pokerstars.net (PokerStars Poker: Texas Holdem)
-pokerstars.cebo.psp (PokerStars Play: Free Texas Holdem Poker Game)
-paster
-pokerstars.eptguide (PokerStars Live)
-pkrstrs191 (PKRSTRS Mobile 2Day App)
-thunkable.android.avenue_mitm.Polonix
-westernunion.android.mtapp (Western Union US – Send Money Transfers Quickly)

The quick heal also suggested that the users should these tips to stay from such malware attacks.

  • Avoid downloading apps from third-party app stores or links provided in SMSs or emails.
  • Always keep ‘Unknown Sources’ disabled. Enabling this option allows installation of apps from unknown sources.
  • Most importantly, verify app permissions before installing any app even from official stores such as Google Play.
  • Install a reliable mobile security app that can detect and block fake and malicious apps before they can infect your device.
  • Always keep your device OS and mobile security app up-to-date.