Android trojan targets banking credentials

There’s a new Android banking Trojan in the wild that targets many major Australian banks. Named Android/Spy.Agent.SI, this malware is able to intercept communications between the user and the bank, stealing login credentials. It also intercepts SMS communications, so two-factor authentication is at risk. A successful attack results in theft of funds from the user’s bank account.

A device becomes infected when the user downloads and installs a fake Adobe Flash Player application from an unofficial source. To prevent uninstallation, the application asks for administrative rights once installed. The malware monitors for a connection to one of its supported banking sites and overlays the login screen with its own lock screen that intercepts the user’s credentials. The user is prevented from accessing the authentic banking application until valid credentials have been entered. The banking apps affected include Commonwealth Bank, Westpac, ANZ, NAB, Bendigo, Bankwest and PayPal, as well as Google login credentials.

To avoid being infected, users should ensure that they only install applications from official sources. Ensure that Settings -> Device Administration -> “Unknown sources: Allow installation of apps from sources other than the Play Store” has been turned off.

An infected device will prevent navigation away from your online banking app login screen. If you think that you have been infected, avoid entering any banking credentials until you have uninstalled the malicious application, and monitor your accounts for any unexpected activity. To uninstall the app, the user first has to deactivate administrator privileges for the fake Flash Player application (it may be necessary to do this in safe mode) and then uninstall the app. However, to be completely sure that the malware has been removed, it's best to perform a factory reset and then restore your data from your device backup. For more information about this malware and how to remove it, visit http://www.welivesecurity.com/2016/03/09/android-trojan-targets-online-banking-users/.
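For administrators checking a handset over USB, the two conditions described above (the "Unknown sources" setting and apps installed from outside the Play Store) can be audited with adb. This is an added example, not part of the AusCERT advisory; it assumes adb with USB debugging enabled and an Android version that keeps the setting under `secure` as `install_non_market_apps`, and the sample package names are constructed.

```shell
#!/bin/sh
# Added example (not from the advisory). Assumes adb with one attached device.
OFFICIAL_INSTALLER="com.android.vending"   # Google Play Store package name

# Reads `pm list packages -3 -i` output on stdin; prints third-party packages
# whose recorded installer is not the Play Store (sideloaded or unknown).
find_sideloaded() {
  tr -d '\r' | awk -v ok="$OFFICIAL_INSTALLER" '
    /^package:/ {
      pkg = $1; sub(/^package:/, "", pkg)
      inst = "null"                      # treat a missing field as unknown
      for (i = 2; i <= NF; i++)
        if ($i ~ /^installer=/) { inst = $i; sub(/^installer=/, "", inst) }
      if (inst != ok) print pkg
    }'
}

# Maps the value of the install_non_market_apps setting to a verdict.
unknown_sources_verdict() {
  case "$1" in
    0) echo "OK: unknown sources disabled" ;;
    1) echo "WARN: unknown sources enabled" ;;
    *) echo "UNKNOWN: setting not readable" ;;
  esac
}

# Constructed sample listing (package names are made up for illustration).
sample_listing() {
  printf '%s\n' \
    'package:com.example.bank  installer=com.android.vending' \
    'package:org.example.player  installer=null' \
    'package:org.example.tool  installer=com.example.otherstore'
}

# Live check against an attached device: sh audit.sh --live
audit_device() {
  unknown_sources_verdict "$(adb shell settings get secure install_non_market_apps | tr -d '\r')"
  echo "Third-party apps not installed by the Play Store:"
  adb shell pm list packages -3 -i | find_sideloaded
}

if [ "${1:-}" = "--live" ]; then audit_device; else sample_listing | find_sideloaded; fi
```

A package listed here is not necessarily malicious; it is a candidate to review against what the user remembers installing.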