Android malware resurfaces that steals your bank details and stops you calling for help


Android users are being warned about a new strain of malware which steals bank details and blocks you from calling your bank to report suspicious activity on your account.

Dubbed Android.Fakebank.B, the malware first started infecting phones in 2013, however a new strain has now been unearthed by US based cyber security firm Symantec.

The malicious app works by replacing banking apps on your device with a cleverly designed fake, which allows cyber criminals to access your account and transfer funds.

When a user then spots the scam and tries to report it to their bank, the app blocks any customer service numbers from being called from the infected handset, preventing the user from reporting fraudulent transactions.

Of course the malware is unable to prevent people from reporting to their banks in person or via an alternative method such as by email or online. However, until they do this, the hackers have complete access to their bank account.

In order to reduce the chances of your phone being infected with Android.Fakebank.B or any other form of Android malware, Symantec recommends users do the following:

– Keep your software up to date

– Refrain from downloading apps from unfamiliar sites and only install apps from trusted sources

– Pay close attention to the permissions requested by apps

– Install a suitable mobile security app, such as Norton, to protect your device and data

– Make frequent backups of important data

It is not yet known how many devices have been infected with Android.Fakebank.B, although it has been mainly targeting devices in Russia and South Korea.

The discovery of this particular strain of malware comes just two weeks after more than 260,000 Android phones in Thailand and more than 10 million worldwide were infected with the HummingBad malware.

Discovered by security researchers from Check Point, HummingBad works by taking root access of an Android phone in order to steal personal data such as emails, online banking information and passwords.

It also flooded infected devices with fraudulent advertising links used to generate illegal ad revenue for its creators.  

Source: Symantec


Comments are closed.