Android banking malware exploits weaknesses to perform info-stealing operations: Report 

A new banking malware was found exploiting weaknesses in Android to steal users’ information, which was then shared with threat actors

Published - April 18, 2024 02:27 pm IST


A new Android banking malware was found exploiting weaknesses to perform information stealing operations. | Photo Credit: Reuters

A new Android banking malware was found exploiting weaknesses in the Android manifest extraction and parsing procedure to perform information stealing operations. The malware is reported to be capable of evading standard security measures found in Android by abusing the routine Android uses to parse and extract APK manifests. The manifest defines the structure of an application and stores its metadata.

The malware was found to be capable of stealing user information including IP addresses, contact lists, account details, SMS messages, photos, videos, and online banking digital certificates. The exfiltration was found to be controlled remotely via a server, and the malware could also receive commands to perform malicious activities. These include deleting existing contacts or adding new ones, sending an SMS message, setting ringtone volume levels, and turning the debug mode on and off on a device.

While the method of infection of devices is unclear, researchers suggest that the malware may be reaching devices through third-party Android stores and unsafe websites. Researchers also suggest that the malware may be spread through app updates that carry malicious code in legitimate apps.

The malware was first detected and analysed by Kaspersky researchers, who found that the malware can use malicious APKs to fool security tools and evade analysis. Researchers further reported that the malware uses three different approaches that involve manipulation of the manifest file’s compression and size, to bypass checks in the Android operating system.
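As an added illustration (not code from the article or from the researchers), the Python example below shows how a scanner could check that the ZIP entry holding `AndroidManifest.xml` is internally consistent before trusting it. The specific checks, the function names and the constructed sample archive are assumptions made here, since the article does not detail the three approaches.

```python
import io
import struct
import zipfile

MANIFEST = "AndroidManifest.xml"
STORED, DEFLATED = 0, 8                   # methods a well-formed APK entry uses
LOCAL_HDR = struct.Struct("<4s5H3I2H")    # fixed 30-byte ZIP local file header

def check_manifest_entry(apk_bytes):
    """Return findings for the manifest's ZIP entry; an empty list means consistent."""
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as zf:
        entries = [i for i in zf.infolist() if i.filename == MANIFEST]
    if len(entries) != 1:
        return [f"expected one {MANIFEST} entry, found {len(entries)}"]
    info, findings = entries[0], []
    if info.compress_type not in (STORED, DEFLATED):
        findings.append(f"unexpected compression method {info.compress_type:#06x}")
    if info.compress_type == STORED and info.compress_size != info.file_size:
        findings.append("stored entry whose compressed and uncompressed sizes differ")
    # The local header repeats the central directory fields; they should agree.
    raw = apk_bytes[info.header_offset:info.header_offset + LOCAL_HDR.size]
    if len(raw) < LOCAL_HDR.size or raw[:4] != b"PK\x03\x04":
        return findings + ["local file header missing or truncated"]
    _sig, _ver, flags, method, _t, _d, _crc, csize, usize, _n, _x = LOCAL_HDR.unpack(raw)
    if method != info.compress_type:
        findings.append("compression method differs between local header and central directory")
    # Bit 3 means sizes live in a trailing data descriptor, so skip the comparison.
    if not flags & 0x08 and (csize, usize) != (info.compress_size, info.file_size):
        findings.append("sizes differ between local header and central directory")
    return findings

def build_sample(method=None, declared_size=None):
    """Constructed test input: a minimal ZIP holding only a placeholder manifest."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        zf.writestr(MANIFEST, b"<manifest/>")
    data = bytearray(buf.getvalue())
    cd = data.find(b"PK\x01\x02")         # start of the central directory record
    if method is not None:
        struct.pack_into("<H", data, cd + 10, method)
    if declared_size is not None:
        struct.pack_into("<I", data, cd + 24, declared_size)
    return bytes(data)

if __name__ == "__main__":
    for name, apk in [("clean", build_sample()), ("odd method", build_sample(method=0x2A3F))]:
        print(name, check_manifest_entry(apk))
```

An archive that produces any finding is worth routing to manual analysis rather than to a parser that silently tolerates the inconsistency.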


Like many malicious Android apps, the malware hides its icon upon installation on a device, making it more difficult to detect and remove. However, it remains active in the background, sharing the stolen data with threat actors.
