ANDROID ALERT – bank app malware warning

If you use an Android phone or device, this could concern you.

At 1:30pm today (Thursday March 10) the Sydney Morning Herald reported that malware has hijacked Android banking apps for Australia’s big four banks.


Commonwealth Bank, Westpac, National Australia Bank and ANZ Bank customers are all at risk from the malware, which hides on infected devices and waits until users open legitimate banking apps. The malware then superimposes a fake login screen over the top in order to capture usernames and passwords.

The malware is designed to mimic 20 mobile banking apps from Australia, New Zealand and Turkey, as well as login screens for PayPal, eBay, Skype, WhatsApp and several Google services. (full story here)

WHAT SHOULD YOU DO TO PROTECT YOURSELF? If you are an Android phone or tablet owner, you may want to consider acting on the following:

1. Essential: Do not open any bank app on an Android device – don’t tap or touch, just delete the app, until you hear more from your bank.

2. Mandatory: install an antivirus app on all Android devices and phones. Avast is free and excellent. Your home computer antivirus program can come with up to five licenses, which might include versions for your Android phone – it’s worth checking out. This link has a list of more security apps.

3. Immediately: If you use a banking app on your Android, change your banking PIN/passcode. NOW. But NOT on your Android phone. Do it by phoning or through your computer browser or Apple device. If you use that same PIN/passcode for any other account, it may now be compromised – go change those now, too.

4. Consider banking within a secure password vault called Lastpass (browser and app). It is convenient and very secure. You open the Lastpass app and launch your bank within the app’s vault; the login is automatic and opens within the app, so there is no need to type in your password (great if you ARE using free Wi-Fi). And you do not have to remember the password, making it easy to create a different password for every account.

5. Don’t use the same PIN/password for every account. If you have problems remembering them, use the Lastpass password generator, or create a secure, easy-to-remember password from a phrase or poem. Here is a mnemonic password generator that will create an easy-to-remember password for you.

6. All users, on all operating systems, should be very wary of using free Wi-Fi. It is much easier for hackers to come into your device through unsecured Wi-Fi.

7. Enable 2-factor authentication on all apps (after removing the specific apps mentioned above).

PLEASE NOTE users of Paypal, eBay, Skype and WhatsApp – at this stage the malware seems to be attacking just the banking apps, so delete them and scan the device. If you think your device has been affected, then change ALL your passwords.

It’s a good idea to ensure this option (under SETTINGS and SECURITY) is set to OFF on your Android mobile device:


This article produced by BIRRR, with assistance from a number of tech experts.

Malware and Spyware Removal Tips for BIRRR Members

A big thanks to Alan from ‘Smedley’s Engineers – Bits & Bytes’ for providing the following information on Spyware and Malware for Windows users. It will work for all versions of Windows from XP on up to Windows 10. The free and definitely safe applications and methods listed below can assist in the removal of Malware and Spyware that can cause unwanted, unusual and excessive data usage.

These notes are based on experience in dealing with system performance issues and malware, virus and other infestations over a number of years, and on sharing that experience with other Windows support professionals.

Download the following three applications, which are all freely available from the www.bleepingcomputer.com web site. Download them all before executing any of them. I recommend that the three applications be run in the order listed. It is also important to run them all, as only partially completing the steps may take your system off-line. At the end, a reboot of the system initiated by Adwcleaner is an absolutely essential step.

Save any open work before proceeding.

There are detailed descriptions of each utility on the same page, and more technical details of each are available on their home pages.

Using “Download Now” will get you the most current version of each one. The http://www.bleepingcomputer.com web pages also list other utilities that may be needed in more complex infestations, but these are the three that I use almost all of the time.

JRT – Junkware Removal Tool 

  1. Save it to a known location on your computer.
  2. Execute JRT.exe once it has completed downloading. It has a command-line interface; it checks itself to verify that the newest version is being run and will update itself if necessary.
  3. Follow the prompt to press any key to continue. If “System Restore” is disabled, the creation of a “System Restore Point” will fail. The application may show some commands that it cannot perform. This is dependent on the individual system configuration. As JRT runs it may stop any already running processes, including open web browsers.
  4. Once it has finished it will produce a Notepad txt file of the items it has cleaned or eliminated.

Roguekiller 

  1. Save it to a known location on your computer.
  2. Execute Roguekiller.exe once it has completed downloading. It will run an initial check on the system as well as check that it is the current version.
  3. Once the check has completed, press the Scan button to continue. The completed scan will show any Processes, Registry settings, Host file issues, AntiRootkit, Files/Folders, MBR (Master Boot Record) and Web browser items that have issues.
  4. A pop-up screen offers the purchase of the PRO version. It is your choice to subscribe or not. From my experience I select all Processes, Registry settings and Host file items but only selectively choose any Web Browser add-ins to be deleted.
  5. Then hit the delete button.
  6. Once completed close the application.

For those who are running a 64-bit (x64) Windows system there is a version built for it that is downloadable from the Roguekiller home page at: http://www.adlice.com/software/roguekiller/

Adwcleaner 

  1. Save it to a known location on your computer.
  2. Execute Adwcleaner.exe once it has completed downloading.
  3. Press the Scan button to continue.
  4. Once the scan is completed press the Cleaning button.
  5. This will be followed by three OK buttons. These close all running applications and will reboot the system. This is essential in the cleaning process as it can leave your system off-line if not completed. So save any open work first.
  6. Once the system has rebooted, a Notepad txt file listing the items found and fixed by Adwcleaner will be shown on the screen.

Making it a habit to run these three utilities on a regular basis from the previously downloaded files will assist in keeping your system free of malware and other unwanted or uninvited infestations. Each application checks itself to verify that you are using the most current version.

Note: Alan supports individual and small business users as a part of his Smedley’s Engineers Pty Ltd business, and if BIRRR members are in real strife with their Windows systems and want remote support, he is happy to assist. Alan has clients all over Australia and internationally on systems he never actually gets to see.

Operating in the Hinterland of the Central Coast of NSW

Alan RG Smedley | 0419 919 969 | alan@smedleys.net.au