Aussie bank apps hit by malware attack

Australia's largest banks have been targeted by a sophisticated Android attack that steals customers' banking details and gets past two-factor authentication, according to the Sydney Morning Herald.

Commonwealth Bank, Westpac, National Australia Bank and ANZ Bank customers are all at risk from the malware, which superimposes a bogus login screen over the top of the legitimate banking apps to obtain usernames and passwords.

The malware is able to mimic the appearance of 20 different mobile banking apps from Australia, New Zealand and Turkey, as well as login screens for PayPal, eBay, Skype, WhatsApp and several Google services.

Apart from Australia's Big Four banks, it targets a range of other financial institutions, including Bendigo Bank, St. George Bank, Bankwest, ME Bank, ASB Bank, Bank of New Zealand, Kiwibank, Wells Fargo, Halkbank, Yapı Kredi Bank, VakıfBank, Garanti Bank, Akbank, Finansbank, Türkiye İş Bankası and Ziraat Bankası.

"This is a significant attack on the banking sector in Australia and New Zealand, and shouldn't be taken lightly," says ESET senior research fellow Nick FitzGerald.

"While 20 banking apps have been targeted so far, there's a high possibility the e-criminals involved will further develop this malware to attack more banking apps in the future."