Android Banking Trojan Steals Money from Online Banking Users - How to, Technology and PC Security Forum |

Android Banking Trojan Steals Money from Online Banking Users

Trojan-HorseA mobile malware with a devastating impact has been spotted out in the wild, extracting login and financial credentials from infected users. The Trojan is detected as Android/Spy.Agent.Sl(Eset) and and Android.SmsBot.539.origin(Dr.Web). Malware researchers from ESET have reported that it can be controlled remotely instead of being completely automatic, which may make it even more effective. The primary functions of the Trojan are to obtain OS device information, login credentials that are memorized and display various web-pages to the user. The Trojan also connects to remote networks. All users who are using online banking are immediately advised to restart their device and format it after which change all of their online banking passwords.

NameAndroid Banking Trojan
TypeAndroid Banking Trojan
Short DescriptionThe trojan steals financial credentials and sends SMS from the compromised device.
SymptomsThe user may witness login pages of his bank to pop-up on his phone.
Distribution MethodVia fake Flash Player for Android.
User Experience Join our forum to discuss Android Banking Trojan.

Android Banking Trojan – How Is It Spread

This Trojan is reported to be redistributed via malicious URLs. Such URLs may be opened by the infected device as a result of having an adware program on it that automatically opens ads on the user’s phone. Sometimes, some users have even reported adverts on apps which have contained malware, such as the Android Banking Trojan. Here is an example of a spam bot in Facebook, linking to Android malware:


After tapping on the link, the user may see a message, stating that the Flash Player of his android device requires an update, after which he downloads the malware which appears to be a “newer” version of Flash Player. However, it has nothing to do with it, and instead it infects the user and connects to the cyber-criminals’ C&C(Command and Control) server.

Android Banking Trojan In Detail

Once activated, the Android Trojan may immediately start collecting the following information from the device:

  • Android version.
  • Security software is installed.
  • Login credentials of apps.

The Banking Trojan even can display the so-called “phishing” pages – web pages that are identical to the login pages of the banking service the user is using which may claim the user has entered his password wrong. If the user types his username and password, the data may be sent to the cyber-criminals’ servers and the page may reload to the original one. So in case you have seen this symptom and you are positive you have entered your details correctly you should immediately check your phone for the Banking Trojan.

The cyber-criminals have even designed the Trojan to control SMS messages, enabling them to bypass two-factor authentication by sending messages from the user’s smartphone without his consent. Furthermore, researchers report that the Trojan has attacked customers who are using online banking services of over 20 major banks.

Remove Android Banking Trojan from Your Phone

In case you believe your phone has been infected with this or other phone malware, we advise you to immediately change all of the passwords of the accounts you are logging in through your phone. After this, we strongly advise you wipe your phone cleanly by following our instructions below.

If you want to be protected in the future, we also recommend rooting your phone. This will enable you to configure its settings so that you stop any advertisements or redirects in the future. As a bottom line, we also recommend using a powerful anti-malware protection for mobile devices.

1. Back up the data on your device

Back up the data on your phone

CAUTION! Before attempting any removals and drive formatting on your device, you should know that it is essential to save all your important contacts and files from your phone. There are several methods to backup your files:

Method I: Using online backup software or a memory card if the device supports it.

Method II: Connecting to another device and copying the data directly.

This is a bit risky option since the device may have malware on it. This is why, first you need to enter the device’s Safe Mode:

For RAZR Droid Devices:

1.Switch off the smartphone and remove the battery for a few seconds then plug it back in.

2.Switch the phone on.

3.You should see a Motorola Dual Core screen appearing. You should press and hold the Volume up, and Volume Down keys on the side of the smartphone. Hold them until the lock screen shows up with ‘Safe Mode’ written in the lower corner.

For HTC Devices:

1.Switch off the smartphone and remove the battery for a few seconds then plug it back in.

2.Turn on your phone while simultaneously holding down the Menu Button. When it starts, keep pressing the Menu Button until you see ‘Safe Mode’ menu appearing in the lower corner.

For Nexus devices:

1.Switch off the smartphone and remove the battery for a few seconds then plug it back in.
2.Turn on the phone.
3.When the welcome Logo Screen shows up, hold the trackball while pressing it until a lock screen shows up, or you see ‘Safe Mode’ written in the bottom corner.

For Other Motorola Devices:

1.Switch off the smartphone and remove the battery for a few seconds then plug it back in.
2.Hold down the Menu Button after you press it while turning on the phone. When it boots, hold the button down upon seeing the lock screen or feeling the phone vibrate.

For Moto G Devices:
1.Press the Power Button and hold it on until the list with options pop-up.
2.Hold the Power off button and wait for a ‘Reboot to Safe Mode’ option to appear.
3.Tap it and let the phone reset.

For Samsung Galaxy Devices:

1.While the device is on, hold down the Power Button and wait for the Options List.
2.Wait for a ‘Restart to Safe Mode’ option to appear.
3.Choose this setting. The device will restart.

For Apple Devices:

1. While your device is locked, hold down the Power Button and the Home Button until you see a white Apple logo.
2. Once you see the logo, let go from those buttons and start holding the Volume Up button. (Give it a little time to boot up)
3. Now the phone should boot in Safe Mode without any third-parties running.

And now it is time to proceed by doing the actual backup:

Apple iOS

1. Connect your device and select it in iTunes.
2. From the Backups section go to Manually Back Up and Restore and tap on Back Up Now.


1. Connect your device via USB to a computer and select Use as a Media Device. You may also see use as file transfer option.
2. Go to your phone from My Computer and copy all the files you need.
3. If the phone has an option to install its drivers onto your computer, select it and install them since this will simplify the process of copying your contact list on your computer.

2. Hard-reset your device and remove Android Banking Trojan

Hard-Reset Your Smartphone

For Apple iPhone and iPad Devices:

Option I: Via the device

1.Back up your data using iCloud or another backup method.
2. Go to the Settings menu and go to General.
3. On the bottom, tap on Reset.
4. Tap on Erase All Content and Settings.
5. Confirm it by tapping on the red Erase button and then type your password.

Option II: Via iTunes

1. Connect your device and open iTunes.
2. Click on the device‘s name and model to open the dialog box.
3. From there, click on the button “Restore”

For Android Devices:

After you have backed up your files, you should perform a clean wipe-out of your phone. This can happen either via one of the options in Safe Mode or by entering your device’s Recovery Mode. Several methods exist in order to enter Recovery Mode of your device:


For Nexus Devices: – Hold the Volume Down + Volume Up + Power button until a Recovery menu appears. After that, you should select the Wipe Data/Factory reset option. Nexus 4 may work with Volume Up + Power + Volume Down.

For Samsung Devices: – Hold the Volume Up + Power Button + Home Button until a Recovery menu appears. After that, you should select the Wipe Data/Factory reset option.

For Motorola Droid X Devices: Hold the Home Button + Power Button until a Recovery menu appears. After that, you should select the Wipe Data/Factory reset setting.

For other devices with camera buttons on them: Hold the Volume Up + Camera Button until a Recovery Menu appears. After this, you should choose the Wipe Data/Factory reset option.

NOTE! Substantial notification about the Android Banking Trojan threat: Manual removal of Android Banking Trojan requires interference with system files and registries. Thus, it can cause damage to your PC. Even if your computer skills are not at a professional level, don’t worry. You can do the removal yourself just in 5 minutes, using a malware removal tool.

Ventsislav Krastev

Ventsislav has been covering the latest malware, software and newest tech developments at SensorsTechForum for 3 years now. He started out as a network administrator. Having graduated Marketing as well, Ventsislav also has passion for discovery of new shifts and innovations in cybersecurity that become game changers. After studying Value Chain Management and then Network Administration, he found his passion within cybersecrurity and is a strong believer in basic education of every user towards online safety.

More Posts - Website

Follow Me:

Leave a Comment

Your email address will not be published. Required fields are marked *

Time limit is exhausted. Please reload CAPTCHA.

Share on Facebook Share
Share on Twitter Tweet
Share on Google Plus Share
Share on Linkedin Share
Share on Digg Share
Share on Reddit Share
Share on Stumbleupon Share