232 Indian Finance And Banking Apps Banged By Android Malware

232 Indian Finance And Banking Apps Banged By Android Malware

It seems like the Internet is not receiving a fine start in 2018. While Intel declared the news for its huge fault impacting various devices, a fresh malware for Android is now discovered to affect various banking apps of India.

Found by Quick Heal, this malware of Android is claimed to impact some cryptocurrency and over 232 Indian banking apps, comprising those provided by the banks of the India. The malware is dubbed as “Android.banker.A9480.” It has been cited that similar to other malware discovered in handsets, this too is developed to steal the login credentials of the user.

232 Indian Finance And Banking Apps Banged By Android Malware

Here are some of the targeted baking apps in India:

  • mobile (Axis Mobile)
  • hdfc (HDFC Bank MobileBanking)
  • SBIFreedomPlus (SBI Anywhere Personal)
  • hdfcquickbank (HDFC Bank MobileBanking LITE)
  • icici.bank.imobile (iMobile by ICICI Bank)
  • IDBI (IDBI Bank GO Mobile+)
  • abhay_card (Abhay by IDBI Bank Ltd)
  • idbi (IDBI Bank GO Mobile)
  • mpassbook (IDBI Bank mPassbook)
  • bankofbaroda.mpassbook (Baroda mPassbook)
  • ecommerce.mobile.android (Union Bank Mobile Banking)
  • ecommerce.mobile.commercial.legacy (Union Bank Commercial Clients)
  • Here are the targeted crypto-currency apps:
  • bfxapp (Bitfinex)
  • cavirtex (Bitcoinium)
  • mtgoxwidget (Bitcoin Ticker Widget)
  • cointransaction (Bitcoin/Altcoin chart, alarm, ticker)
  • bitcoinsw (Flux Bitcoin Widget)
  • btcprice (Bitcoin Price)
  • allexchanges (Crypto Prices All-in-One)
  • android (Blockchain – Bitcoin & Ether Wallet)
  • merchant (Blockchain Merchant)
  • wubsprepaid (WUBS Prepaid)
  • mywallet (BTC.com – Bitcoin Wallet)
  • btcsafari (BTC SAFARI – Free Bitcoin)
  • bitcoinpriceiq (Bitcoin Price IQ)
  • wallet (Bitcoin Wallet)
  • blockfolio (Blockfolio Bitcoin / Altcoin App)
  • freewallet.app (Bitcoin Wallet by Freewallet)
  • crane.money (Bitcoin NewsCrane)
  • app (Bitcoin CoinMarketCap.com (unofficial) / Altcoin)
  • coinpaymentsapp (CoinPayments)
  • freewallet.app (Bitcoin Cash Wallet by Freewallet)
  • coinmarketcapp (CoinMarketCapp – Blockchain Cryptocurrencies)
  • cryptostory (CryptoStory – Cryptocurrency Portfolio)
  • wallet (Dogecoin Wallet)

Here are other banking apps that are targeted by the malware:

  • sberbankmobile
  • spasibo
  • sberbank_sbbol
  • mobileoffice
  • sberbankir (Sberbank IR)
  • mobile.android
  • oavdo.amc
  • alfa
  • sense
  • app (Alfa-Direct)
  • mw (Visa QIWI Wallet)
  • raiffeisennews
  • tinkoff.android (Tinkoff)
  • c2c (Card 2 Card)
  • mgp (Tinkoff Play: apply for a card)
  • sme
  • goabroad (FSSP FNS Russia)
  • my (WebMoney Keeper)
  • android (ROSBANK Online)
  • mobilebanking.android
  • mbm
  • mobilebank (VTB Mobile)
  • VTBClient (Mobile Client VTB)
  • vtb.mobileclient (MobileClientVTB)
  • mbrd.ui
  • money
  • brs2.mobbank
  • android.apps.akbank_direkt (Akbank Direkt)
  • android.apps.akbank_direkt_tablet (Akbank Direkt Tablet)
  • softotp
  • akbank
  • android
  • android.mobilonay
  • avm
  • androidtablet
  • ykbaz
  • iscek
  • iscep
  • isbankasi
  • isbankmoscow
  • mobile.cepsube
  • enpara
  • FinansPOS (FinansPOS)
  • finansyatirim (QNB Finansinvest)
  • sirketim
  • ts.starter.QNB (QNB Mobile)
  • redrockdigimark (QNB National Day)
  • cepsubesi (Garanti Mobile Banking)
  • cepbank
  • cepsubesiro (GarantiBank)
  • finansyatirim (QNB Finansinvest)
  • android.apps.cep_sifrematik
  • fx (Garanti FX Trader)
  • halkbank (Halkbank Mobil)
  • SifrebazCep
  • iBanking.mobile.Halk.Retail (Halkbank Mobile App)
  • tradesoft.tradingsystem.gtpmobile.halk (Halk Trade)
  • EnYakinHalkbank (Halkbank Nerede)
  • ziraatmobil (Ziraat Mobil)
  • ziraattablet (Ziraat Tablet)
  • android.ziraatTrader (Ziraat Trader)
  • ziraatyatirim.pad (Ziraat Trader HD)
  • android (comdirect mobile App)
  • mobil (Commerzbank Banking App)
  • consorsbank (Consorsbank)
  • mm.deutschebank
  • portalapp (DKB-Banking)
  • dkb.portalapp
  • diba.mbbr2 (ING-DiBa Banking + Brokerage)
  • finanzassistent (Postbank Finanzassistent)
  • de (Santander MobileBanking)
  • smartphone.android.banking.vr
  • androidapp
  • monaxa
  • cyberplus
  • mescomptes
  • android.clients
  • android.mobilebanking
  • android.customerarea
  • android.p2pmobile
  • wellsfargomobile
  • wellsfargomobile.tablet
  • ceomobile
  • mobilebanking
  • mobile.android.usaa
  • mobilebanking
  • skrillpayments.neteller
  • skrillpayments
  • fth
  • capitalone
  • facilities.verizon
  • sig.android
  • bofa
  • cashpromobile
  • bankofscotland.businessbank
  • android.shell.BOS
  • mobile.android.natwestoffshore
  • mobile.android.natwest
  • mobile.android.natwestbandc
  • mobile.investisir
  • engage
  • mobile.android.rbs
  • mobile.android.rbsbandc
  • santander.santanderUK
  • santander.businessUK.bb
  • santander
  • banking.fiid4202
  • godough
  • mobile.android.ubr
  • hsbcpersonalbanking
  • android.shell.halifax
  • android.shell.CMBlloydsTSB73
  • android.barclaysmobilebanking
  • mobile (ING Bankieren)
  • smartbanking
  • sberbankcz (Smart Banking)
  • accounts
  • skener (Platby)
  • csas.servis24 (SERVIS 24 Mobilni banka)
  • bank,nz.co.westpac
  • suncorp.SuncorpBank (Suncorp Bank)
  • bank (St.George Mobile Banking)
  • bank (BankSA Mobile Banking)
  • newcastlepermanent (NPBS Mobile Banking)
  • nab.mobile (NAB Mobile Banking)
  • mebank.banking (ME Bank)
  • ingdirect.android (ING Australia Banking)
  • be (ING Smart Banking)
  • banking2 (IMB.Banking)
  • ATMLocator (People’s Choice Credit Union)
  • cua.mb (CUA)
  • netbank (CommBank)
  • android.netbank (CommBank app for tablet)
  • mobile.au (Citibank Australia)
  • mobile.uk (Citi Mobile UK)
  • citimobile
  • bank (Bank of Melbourne Mobile Banking)
  • mobile (Bendigo Bank)
  • hvdnz.cbnationalconference2016 (CB Conference 2017)
  • bankwest.mobile (Bankwest)
  • boq (BOQ Mobile)
  • android.gomoney (ANZ goMoney Australia)
  • android
  • SingaporeDigitalBanking
  • mobile
  • appSQ0QACAcYJ (ANZ Investor Tour)
  • atmanz (Atmosphere ANZ)
  • anzirevents15 (ANZ Investor Relations Events)
  • volksbankmobile (Volksbank Banking)
  • smartphone.android.banking.vr (VR-Banking)
  • android
  • mobile.atime.bpaa (Volksbank per tablet)
  • smartphone.android.securego.vr (VR-SecureGo)
  • raiffeisen_pay_eyewdg (Raiffeisen ELBA)
  • mbanking (easybank)
  • tablet (easybank app)
  • securityapp (easybank Security App)
  • mbanking (BAWAG P.S.K.)
  • securityapp (BAWAG P.S.K. Security App)
  • app.bawag (BAWAG P.S.K. SmartPay)
  • iscep
  • mobile
  • vakifbank
  • smob.android.sfinanzstatus (Sparkasse Ihre mobile Filiale)
  • mobile.android.pushtan (S-pushTAN)
  • authapp.sparkasse (S-ID-Check)
  • smob.android.sfinanzstatus.tablet
  • smob.android.sbanking (Sparkasse+ Finanzen im Griff)
  • android.mobilebanking.prod (ePalatine Particuliers)
  • lapostemobile (La Poste – Services Postaux)
  • lapostetablet (La Poste HD – Services Postaux)
  • bad
  • epasal (Epargne Salariale CM)
  • bad
  • nosactus
  • mobile.lappli
  • netcash (BBVA net cash)
  • bbvacontigo (BBVA | Spain)
  • bbvawallet (BBVA Wallet | Spain)
  • apps (Santander)
  • app (Santander Brasil)
  • android (Bankia)
  • android.tablet (Bankia Tablet)
  • wallet (Bankia Wallet)

Other targeted apps:

  • mShop.android.shopping (Amazon Shopping)
  • windowshop (Amazon for Tablets)
  • mobile (eBay: Buy & Sell. Explore Discount Shopping Deals)
  • android (Airbnb)
  • scores365 (365Scores: Sports Scores Live)
  • pokerstars.net (PokerStars Poker: Texas Holdem)
  • cebo.psp (PokerStars Play: Free Texas Holdem Poker Game)
  • paster
  • eptguide (PokerStars Live)
  • pkrstrs191 (PKRSTRS Mobile 2Day App)
  • android.avenue_mitm.Polonix
  • android.mtapp (Western Union US – Send Money Transfers Quickly)

Quick Heal claims that the malware takes control of the SMS and then transfers SMS and contact lists on a malicious server. The malware dialyses an overlay screen on the handsets over legitimate applications. The overlay display is in fact meant to arrest the login information of the consumers so as to transport it to the servers.

“If any one of the mentioned application is discovered on the infected handset, the app displays a false alert in support of the aimed banking application. If the consumer taps on the message, they are shown a false login display to grab the confidential info of the user such as password and login ID of net banking,” claims Quick Heal’s Bajrang Mane to the media in an interview.

Be the first to comment

Leave a Reply

Your email address will not be published.


*