A new Android trojan can intercept text messages and so bypass the SMS-based two-factor authentication protecting customers' bank accounts. The trojan, detected as "Android/Spy.Agent.SI", is currently targeting the customers of large banks through their mobile banking apps.
The malware tricks users into downloading it onto their devices by masquerading as Adobe Flash Player. Upon installation, it requests that the user grant the malicious app administrator rights, before seemingly disappearing from view.
Do not be reassured by that: the Flash Player icon is hidden, not gone, and the trojan is only getting started. At this point Android/Spy.Agent.SI contacts a remote server hosting malicious APK files; the URL paths on that server are regenerated hourly in a bid to evade detection by anti-virus software.
The trojan uses this connection to send information about the infected device, along with the package names of the installed applications, to its operators. The remote server responds with a list of 49 target applications; any installed app that appears on that list is attacked by phishing the victim for its login credentials.
If the victim's account is protected with two-factor authentication, Android/Spy.Agent.SI can also forward all SMS messages to the remote server on request. Because the one-time codes arrive by SMS, this lets the malware's operators bypass the 2FA protection.
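The capability profile described above (a device-administrator receiver, SMS interception, and an app label impersonating Flash Player) is visible in an APK's manifest before the app ever runs, because device-admin and SMS access both have to be declared there. The following Python script is an added example, not code from the original article or from the researchers who analysed the trojan: it triages a decoded AndroidManifest.xml for that profile. The two manifests are constructed samples; the package name com.example.flashupdate, the receiver names and the scoring rule are all assumptions made for illustration. It goes slightly beyond the text by also reporting a high-priority SMS_RECEIVED receiver, a common way for SMS-stealing apps to see messages early.

```python
"""Manifest-level triage for the Flash-Player-impersonating, SMS-stealing profile.

Added example (not the article's or the analysts' tooling). Expects a decoded
(plain-XML) AndroidManifest.xml, e.g. as produced by apktool, not the binary one.
"""
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
SMS_PERMISSIONS = {"android.permission.RECEIVE_SMS", "android.permission.READ_SMS"}
DEVICE_ADMIN_PERMISSION = "android.permission.BIND_DEVICE_ADMIN"
SMS_RECEIVED_ACTION = "android.provider.Telephony.SMS_RECEIVED"

# Constructed sample: a fake "Flash Player" with device-admin and SMS receivers.
# The package name and class names are hypothetical.
SUSPICIOUS_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.flashupdate">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <application android:label="Flash Player">
    <activity android:name=".MainActivity">
      <intent-filter>
        <action android:name="android.intent.action.MAIN"/>
        <category android:name="android.intent.category.LAUNCHER"/>
      </intent-filter>
    </activity>
    <receiver android:name=".AdminReceiver"
        android:permission="android.permission.BIND_DEVICE_ADMIN">
      <intent-filter>
        <action android:name="android.app.action.DEVICE_ADMIN_ENABLED"/>
      </intent-filter>
    </receiver>
    <receiver android:name=".SmsReceiver">
      <intent-filter android:priority="999">
        <action android:name="android.provider.Telephony.SMS_RECEIVED"/>
      </intent-filter>
    </receiver>
  </application>
</manifest>"""

# Constructed sample: an ordinary app with none of the indicators.
BENIGN_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.notes">
  <uses-permission android:name="android.permission.INTERNET"/>
  <application android:label="Notes">
    <activity android:name=".MainActivity">
      <intent-filter>
        <action android:name="android.intent.action.MAIN"/>
        <category android:name="android.intent.category.LAUNCHER"/>
      </intent-filter>
    </activity>
  </application>
</manifest>"""


def triage(manifest_xml):
    """Return package, label, a list of findings and a suspicious verdict."""
    root = ET.fromstring(manifest_xml)
    package = root.get("package") or ""
    app = root.find("application")
    label = (app.get(ANDROID_NS + "label") if app is not None else None) or ""
    findings = []

    # 1. Declared SMS permissions: needed to read the 2FA codes.
    declared = {e.get(ANDROID_NS + "name") for e in root.iter("uses-permission")}
    sms_perms = sorted(SMS_PERMISSIONS & declared)
    if sms_perms:
        findings.append("SMS permissions declared: " + ", ".join(sms_perms))

    device_admin = False
    for receiver in root.iter("receiver"):
        name = receiver.get(ANDROID_NS + "name")
        # 2. A device-admin receiver is what the "grant administrator rights" prompt backs.
        if receiver.get(ANDROID_NS + "permission") == DEVICE_ADMIN_PERMISSION:
            device_admin = True
            findings.append(f"device-admin receiver {name} (BIND_DEVICE_ADMIN)")
        # 3. A broadcast receiver for incoming SMS, flagged with its priority.
        for flt in receiver.iter("intent-filter"):
            actions = {a.get(ANDROID_NS + "name") for a in flt.iter("action")}
            if SMS_RECEIVED_ACTION in actions:
                prio = flt.get(ANDROID_NS + "priority", "default")
                findings.append(f"SMS_RECEIVED receiver {name} priority={prio}")

    # 4. Impersonation: calls itself Flash Player but is not an Adobe package.
    if "flash" in label.lower() and not package.startswith("com.adobe."):
        findings.append(f"label '{label}' impersonates Flash Player in package {package}")

    # Scoring rule (assumption): device admin plus SMS access is the trojan's core combination.
    suspicious = device_admin and bool(sms_perms)
    return {"package": package, "label": label, "findings": findings, "suspicious": suspicious}


if __name__ == "__main__":
    for sample in (SUSPICIOUS_MANIFEST, BENIGN_MANIFEST):
        result = triage(sample)
        print(result["package"], "suspicious" if result["suspicious"] else "clean")
        for f in result["findings"]:
            print("  -", f)
```

Run it against any decoded manifest by passing the XML string to `triage`. The verdict is deliberately conservative: a lone SMS permission is common in legitimate apps, so only the combination with a device-admin receiver flips it to suspicious, while the impersonation and priority findings are reported for an analyst to weigh.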
Here is what you can do to protect yourself.
First, if you ever see anything calling itself Adobe Flash Player on Android, you can be sure it is fake. Adobe ended Flash Player for Android in 2012, so nothing legitimate under that name is still being distributed for the platform.
Second, you would be wise to install mobile apps from the official Google Play Store rather than less-trustworthy third-party sites, and should always keep a mobile anti-virus solution running on your phone as an added layer of defense.
Last but not least, if you do become infected with Android/Spy.Agent.SI, first deactivate the fake Flash Player's device administrator privileges in Settings and then uninstall the app. If the malware blocks you from deactivating them, boot the device into Safe Mode and remove the app from there.