Security researchers at ESET have discovered a new piece of Android malware that poses as Flash Player, but instead steals login credentials from roughly 20 mobile banking apps.
Dubbed Android/Spy.Agent.SI, the Android banking Trojan was observed in a campaign targeting customers of large banks in Australia, New Zealand and Turkey and is capable of intercepting SMS communications, meaning that it was designed to bypass SMS-based 2FA (two-factor authentication) systems.
ESET’s Lukas Stefanko explains that the malware was hosted on several domains that were registered early this year, with the URL paths to the malicious APK being regenerated each hour, in an attempt to avoid URL detection.
Leave a reply
