
Android RAT malware invades mobile banking apps

A new Android-based RAT malware has threatened to invade users’ mobile banking apps


A new remote access Trojan malware for Android devices, dubbed com.II, is threatening users' mobile banking data, SMS messages and contact lists.

According to a blog by security vendor FireEye, the offending RAT is able to disable anti-virus systems Android users have in place, before scanning for banking apps and replacing them with fake ones. The malware then installs malicious app updates, steals and sends SMS messages and gains access to contact lists.

The blog claims that com.II "takes Android malware to a new level" by combining so many unwanted activities into a single app. The malware contains a feature called 'Bank Hijack' and is targeting eight banks in Korea, with fears this could quickly expand to many more.

Paco Hope, principal consultant with Cigital and a UK-based malware expert, restated concerns that the RAT could pose a significant threat to mobile banking customers worldwide.

Speaking to SCMagazineUK, he said: "Because of its abstraction, it is likely that it will be used to target lots of different banking populations, and will probably be customised by region, language or jurisdiction.

"Malware of this nature also highlights the role the app store plays in securing a device. Users who accept apps from sources other than the official stores run a much higher risk of installing malware. For all their faults, the official Google and Apple stores play a significant role in protecting the average user from malware. The dangers of third-party app sources are very real."

To gain access, the malware poses as a 'Google Services Framework', asking users to install it with administrative privileges enabled. It then disables the uninstall option. Of 54 anti-virus systems tested by researchers, only five successfully detected the malware.
