A new android banking trojan spotted in the wild that replaces the legitimate South-Korean banking android apps spreads via phishing sms attacks, reports McAfee Labs.
South-Korean bank users are being targeted with a fake message that purportedly coming from Financial Services Commission. The message asks users to install the new anit-malware protection.
Unwitting user who follows the link provided in the sms and installs the app putting himself at risk. The malware app silently attempts to uninstall the legitimate south-korean banking apps. However, the malware is able to uninstall the apps only if the device is rooted.
If the device is not rooted, the malware asks users to uninstall the legitimate app and urge them to install another app with the same icon but with suspicious permission request.
The trojan then asks users to enter the banking credentials such as account number, password, Internet banking ID, social security number. The collected info is later sent to remote server.
"McAfee Mobile Security detects this threat as Android/FakeBankDropper.A and Android/FakeBank.A and alerts mobile users if it is present".
South-Korean bank users are being targeted with a fake message that purportedly coming from Financial Services Commission. The message asks users to install the new anit-malware protection.
Unwitting user who follows the link provided in the sms and installs the app putting himself at risk. The malware app silently attempts to uninstall the legitimate south-korean banking apps. However, the malware is able to uninstall the apps only if the device is rooted.
If the device is not rooted, the malware asks users to uninstall the legitimate app and urge them to install another app with the same icon but with suspicious permission request.
The trojan then asks users to enter the banking credentials such as account number, password, Internet banking ID, social security number. The collected info is later sent to remote server.
"McAfee Mobile Security detects this threat as Android/FakeBankDropper.A and Android/FakeBank.A and alerts mobile users if it is present".