If you use an Android phone or device, this could concern you.
At 1:30pm today (Thursday March 10), the Sydney Morning Herald reported that malware has hijacked Android banking apps for Australia’s big four banks.
Commonwealth Bank, Westpac, National Australia Bank and ANZ Bank customers are all at risk from the malware, which hides on infected devices and waits until users open legitimate banking apps. The malware then superimposes a fake login screen over the top in order to capture usernames and passwords.
The malware is designed to mimic 20 mobile banking apps from Australia, New Zealand and Turkey, as well as login screens for PayPal, eBay, Skype, WhatsApp and several Google services. (full story here)
WHAT SHOULD YOU DO TO PROTECT YOURSELF?
If you are an Android phone or tablet owner, you may want to consider acting on the following:
1. Essential: Do not open any bank app on an Android device – don’t tap or touch, just delete the app, until you hear more from your bank.
2. Mandatory: Install an antivirus app on all Android devices and phones. Avast is free and excellent. Your home computer antivirus program can come with up to five licenses, which might include versions for your Android phone – it’s worth checking out. This link has a list of more security apps.
3. Immediately: If you use a banking app on your Android, change your banking PIN/passcode. NOW. But NOT on your Android phone. Do it by phoning or through your computer browser or Apple device. If you use that same PIN/passcode for any other account, it may now be compromised – go change those now, too.
4. Consider banking within a secure password vault called LastPass (browser and app). It is convenient and very secure. You open the LastPass app, launch your bank within the app’s vault, and the login is automatic and opens within the app – no need to type in your password (great if you ARE using free Wi-Fi). And you do not have to remember the password, making it easy to create a different password for every account.
5. Don’t use the same PIN/password for every account. If you have problems remembering them, use the LastPass password generator, or create a secure, easy-to-remember password from a phrase or poem. Here is a mnemonic password generator that will create an easy-to-remember password for you.
6. All users, on all operating systems, should be very wary of using free Wi-Fi. It is much easier for hackers to come into your device through unsecured Wi-Fi.
7. Enable 2-factor authentication on all apps (after removing the specific apps mentioned above).
PLEASE NOTE, users of PayPal, eBay, Skype and WhatsApp – at this stage the malware seems to be attacking just the banking apps, so delete them and scan the device. If you think your device has been affected, then change ALL your passwords.
It’s a good idea to ensure this option (under SETTINGS and SECURITY) is set to OFF on your Android mobile device:
This article was produced by BIRRR, with assistance from a number of tech experts.