Smartphone banking app malware hacks SMS codes

Smartphone banking app malware hacks SMS codes

A dangerous new banking app malware has successfully bypassed smartphone security used by some of the world’s biggest banks.

Customers of Australia’s four biggest banks, and numerous New Zealand Banks, have all been declared at risk from the malware which activates when using a banking app, copying details from login screens.

Most worryingly, the malware can also divert two-factor authentication codes sent to a given smartphone by SMS – and pass the code to criminals, breaking a tried and trusted system used by many online financial apps around the world.

ESET security systems (commonly deployed by commercial clients for server and endpoint security) recently detected the extremely sophisticated malware, which downloads via fake Adobe Flash windows on video streaming websites.

On Android, personal users can uninstall the malware manually via Settings > Apps > Flayer > Uninstall, and are advised to only accept approved downloads from trusted public sources such as Google Play.

Commercial clients should take similar precautions against banking app malware and similar, protecting company devices behind specialist security systems.

 

For IT security advice and support, contact Lineal today by clicking here.