Symantec's advice is, predictably, not to download apps from anywhere except the Google Play store and to use anti-malware protection on your Android device. A blog post by Quick Heal Security Labs has drawn attention to malware named "Android.banker.A9480" that targets over 232 banking, cryptocurrency and e-commerce apps.
A number of apps run by prominent Indian banks like the State Bank of India, Axis Bank, HDFC Bank, ICICI Bank, IDBI Bank, Union Bank of Commerce, and Bank of Baroda have so far been targeted by the trojan.
Beyond banking apps, the malware also targets cryptocurrency apps present on the user's phone, from which it reportedly steals similar sensitive data.
Mane said that Flash's popularity makes it a common target for hackers. Deep linking in Android is a way to identify a specific piece of content or functionality inside an app. "Once this is done, the malicious app hides its icon soon after the user taps on it", the report added.
The trojan imitates 232 Android mobile banking apps including the likes of SBI, HDFC etc.
What makes the malware particularly risky is that even if the user denies the permission or administrative rights, or tries to kill the process on the device, "it keeps throwing continuous pop-ups until the user activates the admin privilege", said Mane.
Furthermore, the malicious application can intercept all incoming and outgoing SMS messages on the infected device, which the attackers use to bypass two-factor verification.
Once users click the arrow button to proceed, the malware immediately sends the login credentials to its remote server.
The Fakeapp variant in question uses a spoofed Uber app user interface (UI), which appears on the screen of the affected device at regular intervals until it succeeds in tricking users into entering their Uber ID and password.
In order to stay safe from this and other banking trojans, users should avoid downloading apps from third-party app stores or from links provided in texts or emails.
"Because this phishing technique requires consumers to first download a malicious app from outside the official Play store, we recommend only downloading apps from trusted sources."
As an extra precaution, go through the list of permissions every app requests from you during installation.