The Indian Computer Emergency Response Team (CERT-In) and the Reserve Bank of India have issued an advisory on the spread of a malicious application targeting various banking and payment apps.
The malicious application masquerades as Flash Player and is offered via third-party app stores, possibly when users are directed from compromised servers or after they click on ads. The application is capable of stealing banking credentials, intercepting SMSs, displaying an overlay screen (to capture details) on top of legitimate apps, and sending stolen sensitive data to attacker-controlled servers, among other things.
As mentioned in the advisory, everyone is requested to follow the best practices below to minimise the impact of such malicious applications.
Best Practices for Smartphone Apps
Do not download and install applications from untrusted sources [offered via unknown websites / links in unscrupulous messages]. Install only applications downloaded from a reputed application market.
Prior to downloading / installing apps on Android devices (even from the Google Play Store):
Always review the app details, number of downloads, user reviews, comments and “ADDITIONAL INFORMATION” section.
Verify app permissions and grant only those permissions which have relevant context for the app’s purpose.
Do not check the “Untrusted Sources” checkbox to install sideloaded apps.
Exercise caution when clicking links while visiting trusted or untrusted sites.
Install and maintain an updated antivirus solution on Android devices. Scan a suspected device with an antivirus solution to detect and clean infections.
Install Android updates and patches as and when available from Android device vendors.
Enable 2-factor authentication for your Google/other accounts.
Users are advised to use the device encryption or external SD card encryption feature available with most Android OS versions.
Avoid using unsecured, unknown Wi-Fi networks. There may be rogue Wi-Fi access points at public places used for distributing malicious applications.