Modern field guide to security and privacy
Jeff Chiu/AP
Android 6.0 doesn't add as many features as its predecessor, but includes some important security and power tweaks. Here, Google exec Sherice Torres shows the Android Pay icon on a phone running a test build of Android 6.0.

Sophisticated banking malware targets Android users

Researchers have discovered malicious software targeting online banking customers that use Android smartphones and tablets, the latest indication of a surge in attacks against the platform. 

Android smartphones have become a popular target for criminal hackers looking to steal personal information and break into bank accounts.

Now, researchers at the Slovakian security firm ESET say they've discovered a new strain of malicious Android software called Spy.Agent.SI that could be particularly dangerous to users.

The malware, targeting 20 of the largest banks in New Zealand, Australia, and Turkey, locks up the device's screen unless users give up their login credentials. The malware can also capture text authentication codes sent out by banks – compromising two-factor authentication. 

Hackers disguised the malware as a version of Adobe Flash Player, a widely used tool that runs video and animations on Internet browsers. As with most malicious tools that target Android devices, Spy.Agent.SI only impacts users that download their software from unofficial third-party mobile application stores instead of Google Play.

Once downloaded, Spy.Agent.SI prompts the user to grant it access that makes it hard to uninstall the malware. It then collects and sends a slew of information about the Android phone to an external computer controlled by hackers, including the name of every application installed on the device. 

If the user has a mobile app from from one of the 20 banks targeted by Spy.Agent.SI, the malware serves up a fake login page, disguised to capture login credentials and send them to another computer – where they can be used to steal money from bank accounts.

Though hackers designed the malware to go after customers in Australia, New Zealand, and Turkey – Spy.Agent.SI could be easily tweaked to target customers of any bank in the world.

Spy.Agent.SI is one of thousands of increasingly sophisticated Android hacking tools that have surfaced over the past few years. Android’s enormous popularity – more than 82 percent of the world’s smartphones run the Google operating system – has made it a prime target for attackers looking to steal identity information and other data. According to a recent Hewlett-Packard survey, criminals only target one operating system – Microsoft's Windows platform – more than Android. 

Malicious attacks on Android smartphones and tablets accounted for 18 percent of all cybercrime last year compared to about 42 percent for Windows, according to HP. Even more worrying, attacks against Android are growing much faster than most other platforms.

Jon Oltsik, an analyst at the Enterprise Security Group, says there are several reasons why Android has become such a popular target for hackers. Unlike the iPhone’s iOS software, which is completely controlled by Apple, Android's open source code is publicly available to inspect and build upon. “The bad guys can pull it apart, find its weaknesses, and exploit them more easily,” Mr. Oltsik said.

"Second, the Android installed base is huge, much bigger than iOS," he said. "Third, vendors have different versions of Android and don’t always distribute patches in a timely manner."

Android also has a much larger user base than iOS, Oltsik said, and vendors often fail to deliver software patches quickly, giving hackers more leeway to exploit customers, especially in Asia, where users use smartphones for online banking more than desktops.

"So if you want to steal user credentials," he said, "you attack Android."


You've read  of  free articles. Subscribe to continue.

Dear Reader,

About a year ago, I happened upon this statement about the Monitor in the Harvard Business Review – under the charming heading of “do things that don’t interest you”:

“Many things that end up” being meaningful, writes social scientist Joseph Grenny, “have come from conference workshops, articles, or online videos that began as a chore and ended with an insight. My work in Kenya, for example, was heavily influenced by a Christian Science Monitor article I had forced myself to read 10 years earlier. Sometimes, we call things ‘boring’ simply because they lie outside the box we are currently in.”

If you were to come up with a punchline to a joke about the Monitor, that would probably be it. We’re seen as being global, fair, insightful, and perhaps a bit too earnest. We’re the bran muffin of journalism.

But you know what? We change lives. And I’m going to argue that we change lives precisely because we force open that too-small box that most human beings think they live in.

The Monitor is a peculiar little publication that’s hard for the world to figure out. We’re run by a church, but we’re not only for church members and we’re not about converting people. We’re known as being fair even as the world becomes as polarized as at any time since the newspaper’s founding in 1908.

We have a mission beyond circulation, we want to bridge divides. We’re about kicking down the door of thought everywhere and saying, “You are bigger and more capable than you realize. And we can prove it.”

If you’re looking for bran muffin journalism, you can subscribe to the Monitor for $15. You’ll get the Monitor Weekly magazine, the Monitor Daily email, and unlimited access to

QR Code to Sophisticated banking malware targets Android users
Read this article in
QR Code to Subscription page
Start your subscription today