Malware gives criminals access to banking apps
- Several people have reported downloading a bogus WhatsApp update
- It asks them for banking details and steals data once downloaded
- Separate piece of WhatsApp malware is being spread in a phishing email
- The malicious emails are sent with subject lines such as ‘an audio memo was missed’ or ‘You have a video announcement’
Malware masquerading as a WhatsApp update has the ability to access the banking apps stored elsewhere on your phone, experts have warned.
There have been several cases reported of unsuspecting Android users trying to update the popular messaging app, but instead they have accidentally installed sneaky software that steals data.
This follows reports of a separate piece of malware, also targeting WhatsApp users, that is spread using emails sent from criminals pretending to be from the Californian company.
The malicious emails are sent with subject lines such as ‘an audio memo was missed’ or ‘You have a video announcement’ in order to entice people to click on the message and spread the malware.
However, all of these messages end in random characters – such as ‘xgod’ or ‘Ydkpda’ – that may be used to identify an unsuspecting recipient.
The messages themselves contain a compressed (zip) file harbouring the malicious software, which if clicked upon rapidly infects a computer’s file system and could be used by criminals to control the machine.
Android users should remain ‘largely unaffected’ by the malware as long as they don’t install apps from outside of Google’s Play Store.
‘Users who are most at risk are those looking to download apps from the less regulated third-party markets which are very prevalent in some parts of the world,’ he said.
According to a 2014 malware report by Motive Security Labs mobile malware infections increased by 25 per cent in 2014, compared with 20 per cent for 2013 globally.
The report estimated around 16 million mobile devices worldwide were infected by malware.
ABS has advised people to be install anti-virus software on their smartphone and only to install apps from trusted sourced such as Google Play.
‘Only click on hyperlinks from messages and emails if they are from a trusted source,’ it said.
