Beware of the app that’s out to empty your bank account

Cyber security company ESET has discovered a dangerous new application that is targeting Android devices.

The app, which was detected by ESET security software last month, can download additional malware – which is software that is intended to damage or disable devices and computer systems.

The app, dubbed Android/TrojanDownloader.Agent.JI, is distributed via compromised websites and masquerades as an Adobe Flash Player update.

Once unwary users install it, it creates a fake ‘Saving Battery’ service in the Android system and asks the victim to grant it crucial permissions within Android’s accessibility functions.

If granted, these permissions allow the service to monitor your actions, retrieve window content and turn on ‘explore by touch’, enabling the attacker to mimic your actions and display whatever they want on your screen.

According to Lukáš Štefanko, the ESET malware researcher who led the analysis, the trojan was built to download another trojan designed for siphoning funds from bank accounts.

“It would take only a small change in the code for the user to get served with spyware or ransomware,” he said.

“The key indicator of whether a device has been infected with this malware is the presence of a ‘Saving Battery’ option among services in the accessibility menu in an Android phone,” said Teddy Njoroge, the country manager at ESET East Africa, which specialises in developing security software for IT systems and a wide range of devices.

If a device has been infected, Mr Njoroge says one can either manually uninstall the app by going to Settings, then Application Manager and finally Flash-Player, or use a reputable mobile security app to remove the threat.

Malicious apps

In instances where users find they have already been tricked into granting the app administrator rights, they should deactivate these rights first by going to Settings, then Security and finally Flash-Player.

“Unfortunately, uninstalling the downloader doesn’t remove malicious apps the downloader might have installed. As with the downloader itself, the best way for cleaning up the device is using a mobile security solution,” said Njoroge.
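The accessibility-menu indicator and the leftover-apps problem described above can both be checked from a computer. The following is an added example, not part of the original article or of ESET's tooling: it parses the output of two standard Android commands and reports accessibility services owned by apps that did not come from Google Play, plus every such sideloaded app. The sample package and class names are constructed, and treating Google Play as the only trusted installer is an assumption.

```python
# Added example: triage adb output for sideloaded accessibility services.
# Capture the two inputs from a connected phone with:
#   adb shell settings get secure enabled_accessibility_services
#   adb shell pm list packages -3 -i      (-3 = third-party apps only)
TRUSTED_INSTALLERS = {"com.android.vending"}  # assumption: Google Play only

# Constructed sample output; package and class names are hypothetical.
SAMPLE_A11Y = ("com.google.android.marvin.talkback/"
               "com.google.android.marvin.talkback.TalkBackService:"
               "com.example.flashupdate/.SavingBatteryService")
SAMPLE_PM = """package:com.example.flashupdate  installer=null
package:com.example.banking  installer=com.android.vending
package:com.example.dropped  installer=com.google.android.packageinstaller
"""

def parse_installers(pm_output):
    """Map third-party package name -> installer ('null' if none recorded)."""
    installers = {}
    for line in pm_output.splitlines():
        line = line.strip()
        if not line.startswith("package:"):
            continue
        fields = line[len("package:"):].split()
        if not fields:
            continue
        installer = "null"
        for field in fields[1:]:
            if field.startswith("installer="):
                installer = field[len("installer="):]
        installers[fields[0]] = installer
    return installers

def parse_accessibility(setting_value):
    """Split the colon-separated 'package/class' list of enabled services."""
    value = setting_value.strip()
    if value in ("", "null"):
        return []
    return [tuple(c.split("/", 1)) for c in value.split(":") if "/" in c]

def triage(setting_value, pm_output):
    """Return (accessibility services from untrusted apps, all untrusted apps)."""
    installers = parse_installers(pm_output)
    untrusted = {p for p, i in installers.items() if i not in TRUSTED_INSTALLERS}
    flagged = [(p, c) for p, c in parse_accessibility(setting_value) if p in untrusted]
    return flagged, sorted(untrusted)

if __name__ == "__main__":
    print(triage(SAMPLE_A11Y, SAMPLE_PM))
```

A flagged entry is a prompt to review that app in the accessibility menu, not proof of infection, since legitimate apps can also be installed from outside Google Play.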

Ransomware maintained its attractiveness among cybercriminals in 2016, with notable steady growth in mobile malware, which means every mobile device user is vulnerable.

Experts at ESET East Africa advise one to only download apps or updates from a trustworthy source; always check the URL address in your browser; pay attention to what permissions and rights apps request; and get a mobile security solution.