Android Banking Trojan Masquerades As Flash Player, Circumvents 2FA

A newly found Android trojan is targeting customers of large banks in Australia, New Zealand and Turkey. The banking malware, flagged as Android/Spy.Agent.SI by ESET security firm, disguises itself as Flash Player and spreads via unofficial app stores. It can steal login credentials of users from 20 mobile banking apps, and can also mimic login screens of popular services such as PayPal, eBay, Skype, WhatsApp and several Google services. The Android trojan is able to intercept SMS communications, which in turn, allows it to circumvent the two-factor authentication.

Re:Intercept SMS?

[Chrisq]

This is one of my pet hates about android (and I'm generally a fan). A lot of apps ask for that permission but just for registration. Up until the latest version (and still on one of my phones) you had to accept this permission to register but then had no way to revoke it afterwards, so you had to hope for the lifetime of the app that it wasn't compromised and wouldn't start messaging premium-rate SMS services or forwarding your message.

Re:More Complete Pwnage

[Arnold+Reinhold]

Scroll down two stories to read the usual Slashdot sneering about Apple products.

No Flash

[DrYak]

Actually *NOT* playing flash (even more so flash ads) would be a *positive* feature.
Almost redeeming its trojan-ness.

Re:Intercept SMS?

[castionsosa]

That is only if the app developer allows that in the manifest. Otherwise, the app falls back to the all or nothing permission model.

The best solution is XPrivacy/XPosed, but IIRC, that hasn't worked since Android 5 came out. Second best solution is either CyanogenMod, or if you can read Chinese and choose to trust the app, LBE Privacy Master.

That's funny

[JustAnotherOldGuy]

"The banking malware ... disguises itself as Flash Player..."

That's funny, usually it's the other way around.