Once the malware has this access, it is able to trick sensitive information from the user such as banking credentials, passwords, card details, etc. whenever the user opens one of the apps the trojan is designed to imitate. This is done by displaying a fake window asking for the credit/debit card number of the user without which, the user is unable to access the app.
Sanjay Katkar, Co-founder and CTO of Quick Heal Technologies Limited, said, “Indian users often download unverified apps from third-party app stores and links sent through SMS and email. This gives hackers a lucrative opportunity to steal confidential information from unsuspecting users.”
He also said the company has detected three other similar malware in less than six months and that it seems like hackers are now targeting mobile users as they are “far more vulnerable to sophisticated phishing attacks”.
Android users are advised to practice caution when downloading apps and to only download them from trusted sources. Always verify app permissions and install a reliable mobile security app.