Banks have sent malware alerts, asking their customers to use mobile banking securely.
The malware "Android.banker.A2f8a" (earlier detected as Android.banker.A9480) targets 232 banking/finance apps.
These 12 major Indian banking apps are also on the list.
Indian mobile banking apps at risk of malware
Steals confidential banking information using fake login screens
Android.banker.A2f8a malware is distributed through a fake Flash Player in third-party app stores.
Once it finds any of the 232 targeted apps on the device, it sends fake notifications to users, redirects them to a fraudulent login screen (overlaid on top of legitimate apps), and steals banking credentials (ID and password).
It can also hijack SMS, send USSD requests, and steal contacts lists.
How to protect your banking details?
Always use Google Play Store for downloading banking/finance apps and not third-party stores.
Never click on links sent via SMS/emails (except from banks); they may be from attackers. Install security apps that detect malware.
Karur Vysya Bank pointed out that Android (4.1 and above) mobile-browsers have built-in Adobe Flash player.
Next, take a look at the targeted apps and what information attackers can steal.
Love Tech news?
Stay updated with the latest happenings.
SBI Anywhere Personal
SBI Anywhere Personal app also on attackers' list
The country's biggest lender SBI's official "SBI Anywhere Personal" app is also on the malware's radar.
It offers services related to banking, transfers, fixed/recurring deposits, UPI payments, mPassbook, debit card blocking, recharges/bill payments, etc.
Even iMobile by ICICI Bank is at risk
India's largest private bank ICICI Bank's official Android app "iMobile" provides over 150 banking/informational services to customers.
Once customers log in, they can avail services like mobile banking, UPI based payments, InstaBanking, bill payments, etc.
HDFC Bank Apps
HDFC's official Android app, lighter version targeted
HDFC Bank MobileBanking app offers account-related services, transfers, bill payments, etc.
HDFC Bank MobileBanking LITE works without Internet. Users need not login; it works from registered mobile numbers. It may be easier for hackers gain access; they don't require login credentials.
Both the apps are available on Google Play Store. Users can give a missed call on 1800-270-3344 for the regular app's download link.
Axis Mobile: Axis Bank's primary mobile banking app
Axis customers need to log in to Axis Mobile app to avail over 60 services/features.
It's essential to understand that one can download the app only from Google Play Store or by giving a missed call on 18004190231 or by sending "SMS MBANK" to 5676782.
Users can pay bills/recharges, locate ATMs/branches, check offers, and avail services related to bank accounts, credit cards, etc.
Use mobile banking in digitally secure manner: IDBI Bank
IDBI Bank GO Mobile+ (for mobile-banking), Abhay by IDBI Bank Ltd (better control over debit cards), IDBI Bank GO Mobile (mobile-banking), IDBI Bank mPassbook (viewing passbooks) apps are also among the targeted apps.
IDBI informed its customers to adopt safe practices, requesting them not to install apps from unknown/untrusted sites.
It warned them against using rooted Android and jailbroken iPhone devices for transactions.
Baroda mPassbook on the list, too
Bank of Baroda's "Baroda mPassbook" mobile app offers a mobile version of the physical passbook. Users can view and download updated information about their Bank of Baroda savings, current, credit card, loan, and deposit accounts. The app is currently available only on Google Play Store.