Android banking apps targeted by malware.

The latest Android threat going after your bank account, and how to stop it dead in its tracks with one simple setting.

The malware gets onto Android devices via compromised web pages by posing as the Adobe Flash Player application often used to play streaming video. The malicious app gains administrator rights to the device, scans for banking applications and then reports back to a command and control server to download fake login screens for the identified banking app.

The malware then waits for the next time you use your banking app on the infected device and overlays the fake login screen, captures your login details and even intercepts SMS verifications sent from the bank to bypass two-factor authentication. Very crafty indeed.

[Image: Android security settings]

The malware currently has the ability to mimic 20 mobile banking apps from Australia, New Zealand and Turkey, as well as PayPal, eBay, Skype, WhatsApp and a number of Google services, and has been labelled a significant attack on the Australia and New Zealand banking sectors.

One of the simplest ways to protect yourself is to restrict the installation of apps to the authorised app stores like the Google Play Store or the Amazon App Store. This is easily done by going to your Android Settings, then Security, and making sure that Unknown Sources is disabled.

This will prevent installation of the malware in the first place and protect you from other malware that uses the same technique to get onto your Android device.
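To check a device for apps that did not come from an authorised store, the script below (an added example, not part of the original story) filters the output of `adb shell pm list packages -3 -i` and lists every third-party app whose installer is not on an allow-list. The allow-list contents and the sample listing are assumptions constructed for illustration.

```shell
#!/bin/sh
# Installer packages treated as authorised stores (assumption; adjust to your policy):
# Google Play Store and Amazon Appstore.
ALLOWED_INSTALLERS="com.android.vending com.amazon.venezia"

# Constructed sample of `adb shell pm list packages -3 -i` output (not from a real device).
sample_listing() {
cat <<'EOF'
package:com.example.bank  installer=com.android.vending
package:com.example.reader  installer=com.amazon.venezia
package:com.example.flashplayer  installer=null
package:com.example.game  installer=com.example.thirdpartystore
EOF
}

# Reads a package listing on stdin and prints "package installer" for every
# app whose installer is not an authorised store. Sideloaded apps normally
# show installer=null; a missing installer field is reported as "unknown".
find_sideloaded() {
  # Some adb versions emit CRLF line endings; strip the carriage returns first.
  tr -d '\r' | awk -v allowed="$ALLOWED_INSTALLERS" '
    BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    /^package:/ {
      pkg = $1; sub(/^package:/, "", pkg)
      inst = "unknown"
      for (i = 2; i <= NF; i++)
        if ($i ~ /^installer=/) { inst = $i; sub(/^installer=/, "", inst) }
      if (!(inst in ok)) print pkg, inst
    }'
}

# Demo on the constructed sample. On a real device, run instead:
#   adb shell pm list packages -3 -i | find_sideloaded
sample_listing | find_sideloaded
```

Any app reported here was installed outside the authorised stores and is worth reviewing, especially one that claims to be a media player or system update.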

Original story from the Sydney Morning Herald.
