Internet security company Quick Heal Technologies Ltd has highlighted two Trojans mimicking banking and social media applications on mobile devices. A Trojan is a malware or malicious computer program that infects devices to mimic other genuine softwares and then extracts sensitive data from the affected system.
The Trojans, identified as Android.Marcher.C and Android.Asacub.T, try to take advantage of mobile users’ behaviour to trick them into sharing sensitive information like login credentials to banking or related applications as well as social media accounts.
If you use official apps stores of Android, Apple or Microsoft, you have little reason to worry; if you download from third-party app stores, you better be careful when using your bank, payment services and social media apps and sharing any sensitive data.
How do they work?
These Trojans can appear on your mobile from time to time, usually as an emergency update in third-party app stores or when you click on a malicious link.
Trojans can track targeted banking, payment and social media apps whenever you use them. When you open such an app, the Trojan will overlay the screen with a fake screen, which will appear identical to the original screen of the app.
Once it captures the required credentials, it will show an error and then start using the credentials on its own or pass on to the details to the creators of the Trojan.
“The data collected is sold to the highest bidder. There is a lot of interest for all these usernames and passwords, including those of social media on the internet. They will try to get whatever sensitive information possible, that can be misused for some illegal activity,” said Sanjay Katkar, co-founder and chief technology officer, Quick Heal.
Even compromised social media can affect you. “There is something called federated access, wherein credentials from one place are used as login credentials for some application. When your social media credentials are stolen, apart from the complete breach of privacy, access to other applications that use the credentials get compromised,” said Akshay Garkel, partner, Grant Thornton India LLP.
One of the Trojans detected by Quick Heal keeps repeatedly asking for credit card details and that screen does not go away unless you input some details, Katkar said.
Virus screens are difficult to remove. Sticky screens that keep popping up or do not have proper exit or back options, apps asking for unusual details are major indications that your device has been affected by Trojans. For instance, a banking app does not usually ask for your credit card number for logging in.
What should you do
The best way to protect yourself online is to not share crucial data randomly and avoid use of unauthorised applications. “Many people go to third-party stores because many apps that are otherwise paid are available for free there,” Katkar said.
Always use applications downloaded or purchased from authorised stores like Google Play Store or Apple App Store and do not click on flashy links offering unrealistic deals that you find online or get in a WhatsApp forward, SMS or email.
Always try to check permissions before installing any app from official stores to keep a tab on whether they are seeking permissions that are not required for their functioning.