SLCERT issues a “High” threat warning on a New Android Malware which Could Steal Sensitive Financial Information.
It’s capable of reading users SMS in order to hijack SMS-based 2 factor authentications. Reports of PayPal, HSBC & crypto wallets targeted.
Full Statement from SLCERT
New Android Malware Could Steal Your Sensitive Information
Threat Level
High
Overview
A new malware type that is abusing android’s accessibility feature to capture sensitive financial data from victims devices has been identified.
Description
Malware is targeting over 200 financial applications including banking, money transfer services and crypto-currency wallets such as PayPal, Barclays, HSBC and Capital-One etc. This Malware is capable of reading user SMS messages in order to hijack SMS-based two factor authentication.
This Malware campaign was first identified in March 2020 and it masks its malicious intent by pretending to be a legitimate application such as Adobe flash, Microsoft Word etc.
Impact
- Risk of Exposure of your personal information
- Financial loss
- Malware distribution
Solution/ Workarounds
- Use official google store to download application
- Read comment section before downloading the application to check the credibility
- Enable Google Play protect
Reference
Disclaimer
The information provided herein is on “as is” basis, without warranty of any kind