Android Banking Trojan Steals Money from Online Banking Users

A mobile malware with a devastating impact has been spotted in the wild, extracting login and financial credentials from infected users. The Trojan is detected as Android/Spy.Agent.Sl (ESET) and Android.SmsBot.539.origin (Dr.Web). Malware researchers from ESET have reported that it can be controlled remotely instead of being completely automatic, which may make it even more effective. The primary functions of the Trojan are to obtain device OS information and saved login credentials, and to display various web pages to the user. The Trojan also connects to remote networks. All users of online banking are advised to immediately restart their device and format it, and after that to change all of their online banking passwords.

Name: Android Banking Trojan
Type: Android Banking Trojan
Short Description: The trojan steals financial credentials and sends SMS from the compromised device.
Symptoms: The user may witness login pages of his bank pop up on his phone.
Distribution Method: Via fake Flash Player for Android.

Android Banking Trojan – How Is It Spread

This Trojan is reported to be distributed via malicious URLs. Such URLs may be opened on the infected device by an adware program that automatically opens ads on the user’s phone. Some users have also reported adverts in apps that contained malware, such as the Android Banking Trojan. Here is an example of a spam bot on Facebook, linking to Android malware:


After tapping on the link, the user may see a message stating that the Flash Player on his Android device requires an update, after which he downloads the malware, which appears to be a “newer” version of Flash Player. However, it has nothing to do with Flash Player; instead it infects the device and connects to the cyber-criminals’ C&C (Command and Control) server.

Android Banking Trojan In Detail

Once activated, the Android Trojan may immediately start collecting the following information from the device:

  • Android version.
  • Whether security software is installed.
  • Login credentials of apps.

The Banking Trojan can even display so-called “phishing” pages: web pages that are identical to the login pages of the banking service the user is using, and which may claim the user has entered his password incorrectly. If the user types his username and password, the data may be sent to the cyber-criminals’ servers and the page may reload to the original one. So if you have seen this symptom and you are positive you entered your details correctly, you should immediately check your phone for the Banking Trojan.

The cyber-criminals have even designed the Trojan to control SMS messages, enabling them to bypass two-factor authentication by sending messages from the user’s smartphone without his consent. Furthermore, researchers report that the Trojan has attacked customers who are using online banking services of over 20 major banks.
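The traits described above (a fake Flash Player that also handles SMS) can be turned into a simple triage check over an app inventory. This is an added example, not code from the article or from the researchers it cites; the inventory record format, the sample apps and the two-indicator threshold are assumptions made for illustration.

```python
# Added triage example; the inventory record format is hypothetical
# (e.g. something an MDM export or an analyst's notes could be mapped to).

SMS_PERMS = {
    "android.permission.SEND_SMS",
    "android.permission.RECEIVE_SMS",
    "android.permission.READ_SMS",
}
TRUSTED_INSTALLERS = {"com.android.vending"}   # Google Play
GENUINE_FLASH_PKG = "com.adobe.flashplayer"    # Adobe's own package name


def triage(app):
    """Return the reasons this app matches the traits described in the article."""
    reasons = []
    perms = set(app.get("permissions", []))
    if "flash" in app["label"].lower() and app["package"] != GENUINE_FLASH_PKG:
        reasons.append("claims to be Flash Player under a non-Adobe package name")
    if app.get("installer") not in TRUSTED_INSTALLERS:
        reasons.append("installed from outside the store (sideloaded)")
    sms = sorted(p.rsplit(".", 1)[1] for p in perms & SMS_PERMS)
    if sms:
        reasons.append("can handle SMS: " + ", ".join(sms))
    return reasons


def suspicious(apps, threshold=2):
    """Apps matching at least `threshold` indicators, worst first."""
    hits = [(a["package"], triage(a)) for a in apps]
    hits = [(pkg, r) for pkg, r in hits if len(r) >= threshold]
    return sorted(hits, key=lambda h: -len(h[1]))


# Constructed sample inventory (not real device data).
SAMPLE = [
    {"package": "com.example.bank", "label": "Example Bank",
     "installer": "com.android.vending",
     "permissions": ["android.permission.INTERNET"]},
    {"package": "com.example.messenger", "label": "Messenger",
     "installer": "com.android.vending",
     "permissions": ["android.permission.SEND_SMS", "android.permission.READ_SMS"]},
    {"package": "com.constructed.update", "label": "Flash Player",
     "installer": None,
     "permissions": ["android.permission.SEND_SMS",
                     "android.permission.RECEIVE_SMS"]},
]

if __name__ == "__main__":
    for pkg, reasons in suspicious(SAMPLE):
        print(pkg, *reasons, sep="\n  - ")
```

A legitimate messaging app trips only the SMS indicator and stays below the threshold; the constructed "Flash Player" entry trips all three.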

Remove Android Banking Trojan from Your Phone

If you believe your phone has been infected with this or other phone malware, we advise you to immediately change the passwords of all the accounts you log in to through your phone. After this, we strongly advise you to wipe your phone clean by following our instructions below.

If you want to be protected in the future, we also recommend rooting your phone. This will enable you to configure its settings so that you stop any advertisements or redirects in the future. As a bottom line, we also recommend using powerful anti-malware protection for mobile devices.

1. Back up the data on your device
2. Hard-reset your device and remove Android Banking Trojan
NOTE! Substantial notification about the Android Banking Trojan threat: Manual removal of Android Banking Trojan requires interference with system files and registries. Thus, it can cause damage to your PC. Even if your computer skills are not at a professional level, don’t worry. You can do the removal yourself just in 5 minutes, using a malware removal tool.

Ventsislav Krastev

Ventsislav has been covering the latest malware, software and newest tech developments at SensorsTechForum for 3 years now. He started out as a network administrator. Having graduated in Marketing as well, Ventsislav also has a passion for discovering new shifts and innovations in cybersecurity that become game changers. After studying Value Chain Management and then Network Administration, he found his passion within cybersecurity and is a strong believer in basic education of every user towards online safety.
