[SingCERT] Malware Targeting Mobile Banking
15 December 2015
The Association of Banks in Singapore (ABS) released an advisory on 1st December 2015, alerting consumers about the recent malware infection on Android smartphones used by mobile banking customers. It is noted that about 50 such incidents have been reported and the victims are predominantly customers of major banks in Singapore.
The malware is downloaded when the user clicks on a malicious URL or has installed an application from untrusted sources. The malware disguises itself as a legitimate application such as Adobe Flash Player (which is misspelt as “Abode”) and tricks users into allowing it to be installed into the smartphone. Upon installation, the malware can access sensitive information such as user credentials and personal particulars. The malware affects Android users using Android version 2.3 and above.