
New mobile banking Trojan intercepts two-factor authentication texts

Cyber security researchers have discovered new Android malware that can steal login credentials from 20 mobile banking apps and intercept their authentication texts.


ESET’s experts discovered the Android/Spy.Agent.SI Trojan, which they say targets customers of large banks in Australia, New Zealand and Turkey.

According to the researchers, the malware first disguises itself as Adobe Flash Player to trick users into downloading and installing it on their smartphones and tablets.

It then requests administrator rights, which it uses to prevent users from deleting it.

Once active, it identifies any targeted mobile banking apps installed on the device and waits for the user to launch one, at which point it loads a fake overlaid login screen.

If the user enters their login data, this screen closes and the app continues as usual. The stolen information is sent in plain text to the cyber criminals’ server.

The malware is also capable of intercepting text messages to bypass two-factor authentication measures, hiding them from the user to avoid arousing suspicion.

In some circumstances, another overlay is used to prevent the user from removing the app’s administrator rights if they try to revoke these privileges.
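The behaviours described above (a Flash Player disguise, administrator rights, overlaid screens and text-message interception) tend to leave traces in an Android app's manifest, which a defender can check before an app is allowed onto managed devices. The following is an added example, not code from this article or from ESET's analysis; the mapping from each behaviour to a manifest entry is an assumption based on standard Android permissions, and the sample manifest is constructed.

```python
import xml.etree.ElementTree as ET

A = "{http://schemas.android.com/apk/res/android}"  # namespace of android: attributes

# Assumed mapping: standard Android permission -> behaviour named in the article.
PERMISSION_TRAITS = {
    "android.permission.RECEIVE_SMS": "sms_intercept",
    "android.permission.SYSTEM_ALERT_WINDOW": "overlay",
}

# Constructed sample of a decoded AndroidManifest.xml (not taken from any real app).
SAMPLE_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.constructed.player">
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.SYSTEM_ALERT_WINDOW"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <application android:label="Flash Player">
    <receiver android:name=".AdminReceiver"
              android:permission="android.permission.BIND_DEVICE_ADMIN"/>
  </application>
</manifest>
"""

def triage_manifest(xml_text):
    """Return the set of risk traits found in a decoded manifest."""
    root = ET.fromstring(xml_text.strip())
    traits = set()
    for perm in root.iter("uses-permission"):
        trait = PERMISSION_TRAITS.get(perm.get(A + "name"))
        if trait:
            traits.add(trait)
    app = root.find("application")
    if app is not None:
        # A receiver guarded by BIND_DEVICE_ADMIN lets the app ask for admin rights.
        for receiver in app.iter("receiver"):
            if receiver.get(A + "permission") == "android.permission.BIND_DEVICE_ADMIN":
                traits.add("device_admin")
        # The label may be a resource reference (@string/...); only literals match here.
        label = (app.get(A + "label") or "").lower()
        if "flash player" in label and not root.get("package", "").startswith("com.adobe."):
            traits.add("flash_player_lookalike")
    return traits

def is_suspicious(traits):
    # Each trait alone is common in legitimate apps; flag only the combination.
    return "device_admin" in traits and len(traits) >= 3
```

A flagged manifest is a reason to review the app by hand, not proof that it is malicious.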

Mobile banking Trojans are becoming a more prominent threat for smartphone users, entering Kaspersky’s top ten threats of the year for 2015 in December.

Meanwhile, last year saw a “sharp increase” in breaches caused by hacking and malware – but companies and banks are working to combat the cyber threat.

In February, biometric banking was introduced for more than 15 million HSBC and First Direct customers, who can now access their accounts with a voice and fingerprint system.

For more on the Android/Spy.Agent.SI Trojan, see the ESET blog.



