A ‘High’ category threat warning had been issued by CERT over a new android malware, which the watchdog said had the capability of capturing sensitive financial data from android devices in the form of a legitimate mobile application.
The Computer Emergency Readiness Team/Co-ordination Centre (CERT|CC) in the warning said the new malware type abused android’s “accessibility permissions” feature to capture sensitive financial data from devices.
“The malware has targeted over 200 financial applications including banking, money transfer services and crypto-currency wallets such as PayPal, Barclays, and Capital-One among others,” CERT said.
This malware has the capability of reading user SMS messages to hijack SMS-based two-factor authentication, the CERT|CC said.
“This Malware threat was first identified in March 2020 and it masks its malicious intent by pretending to be legitimate applications such as Adobe Flash, Microsoft Word etc.
“Once infected by this malware there is a risk of exposure to victims’ personal information. It could lead to financial loss,” CERT|CC said.
The CERT|CC requested android mobile users to use the official Google store to download their secondary applications (Apps).
CERT also requested the user to read the comments section of the respective application before to check the credibility. The users should enable Google Play to Protect reference to avoid falling victim to the malware. (Chaturanga Samarawickrama)