Quick Heal Security Labs, an IT security firm, recently reported a new Android malware named Android.banker.A2f8a, which has the potential to target more than 232 banking and cryptocurrency apps on Android mobile devices.
How does this Android Trojan work?
Android.banker.A2f8a is similar to other Android banking Trojan malware. It disguises itself as an Adobe Flash Player mobile application on third-party app stores to trick users into downloading it. Once on an Android device, the malware brings up several prompts in order to deceive the user into providing it with complete administrative rights.
Once the malware procures these rights, it obscures itself and begins searching the device for any banking or cryptocurrency apps it can exploit. Following this, it sends the user notifications that redirect them to fraudulent login screens—which disguise themselves as legitimate apps—to steal sensitive banking credentials.
As if all this wasn’t enough, this particular malware goes several steps further by reading SMS messages (including one-time passwords), uploading the user’s contact list to malicious servers, finding the user’s location, and more.
What impact do these attacks have on enterprises?
For the most part, any enterprise with proper security practices in place will not be directly affected by this malware. Mobile device management (MDM) software is often used to prevent corporate devices from downloading apps or accessing insecure websites.
However, it is a different story for enterprises that have adopted a bring your own device (BYOD) policy without MDM software to back it up. The malware threatens to steal not just personal banking information but also passwords to corporate resources. It is another example of mobile devices posing a serious risk to corporate data security and data management.
According to a study of 588 IT and security leaders at Global 2,000 companies, a mobile data breach can cost an enterprise millions of dollars. The same study also found that 67% of organizations have reported a data breach due to employees using their mobile devices to access the company’s sensitive resources.
How do you protect your company’s sensitive data from these malware attacks?
The best way to prevent malware attacks is to avoid downloading apps from third-party websites altogether. Users should only download mobile apps from trusted sources like the Google Play Store and Apple’s App Store. The challenge is that not all employees are aware of this recommendation, and some might install malicious apps from a third-party app store anyway. Along with educating employees about the adverse effects of downloading and installing apps from such sources, you can use ManageEngine’s MDM solution, Mobile Device Manager Plus, to permit app installations from trusted app stores only.
With Mobile Device Manager Plus, you can also blacklist apps you know are malicious so they can’t be installed onto your managed devices. In the case of the malware Android.banker.A2f8a, the package that has to be blacklisted is yqyJqWdtdf.UOaOrquyRDgLFgGueha, which can easily be done with Mobile Device Manager Plus.
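The two controls described above (trusted install sources only, plus a package blocklist) can also be checked against a device's app inventory outside an MDM console. The following is an added example, not code from ManageEngine or Quick Heal. It assumes the inventory was collected with `adb shell pm list packages -3 -i`; the sample output and all com.example.* names are constructed.

```python
import re

# Package name given in the article for Android.banker.A2f8a.
BLOCKLIST = {"yqyJqWdtdf.UOaOrquyRDgLFgGueha"}
# Installer package of the Google Play Store; add any other store you trust.
TRUSTED_INSTALLERS = {"com.android.vending"}

# One row of `pm list packages -3 -i` (-3 = third-party apps only,
# -i = show installer): "package:<name>  installer=<installer|null>"
LINE_RE = re.compile(r"^package:(?P<pkg>\S+)\s+installer=(?P<installer>\S+)$")


def parse_inventory(text):
    """Parse the listing into {package: installer, or None if sideloaded}."""
    inventory = {}
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip blank lines and anything that is not a package row
        installer = m.group("installer")
        inventory[m.group("pkg")] = None if installer == "null" else installer
    return inventory


def audit(text):
    """Return (blocklisted, untrusted_source) package lists, each sorted."""
    inv = parse_inventory(text)
    blocklisted = sorted(p for p in inv if p in BLOCKLIST)
    untrusted = sorted(
        p for p, src in inv.items()
        if src not in TRUSTED_INSTALLERS and p not in BLOCKLIST
    )
    return blocklisted, untrusted


# Constructed sample output (not captured from a real device).
SAMPLE = """\
package:com.example.notes  installer=com.android.vending
package:yqyJqWdtdf.UOaOrquyRDgLFgGueha  installer=null
package:com.example.flashlight  installer=com.example.thirdpartystore
package:com.example.intranet  installer=null
"""

if __name__ == "__main__":
    blocked, untrusted = audit(SAMPLE)
    for pkg in blocked:
        print(f"BLOCKLISTED       {pkg}")
    for pkg in untrusted:
        print(f"UNTRUSTED SOURCE  {pkg}")
```

An app with no recorded installer was sideloaded, which covers both a Trojan from a third-party store and a legitimately side-installed in-house app, so the second list is a review queue rather than a verdict.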
You can try ManageEngine’s Mobile Device Manager Plus for free and start securing your enterprise’s mobile devices right away!