Android users under threat from new mobile banking malware, warns industry watchdog

It’s masquerading as a WhatsApp update.

A new kind of malware which disguises itself as a WhatsApp update to illegally access mobile banking apps has been making the rounds in Singapore, the Association of Banks in Singapore (ABS) said in a warning on Tuesday.

The ABS said that several incidences of malware infection involving the fake WhatsApp update on Android smartphones used by mobile banking customers have been reported over the past couple of months.

This particular malware shows a pop-up advertisement which encourages consumers to tap it and download a “new” version of the program or risk losing access to the service.
After downloading the “update”, the application will prompt the customer to input confidential information, such as credit card details, which could then be used to commit fraud. 

Once the malware infects a customer’s smartphone, it can then masquerade as the smartphone user to snoop and steal data, and transact mobile banking as if the owner was doing it.

“ABS would like to remind mobile banking customers that smartphones are as susceptible to malware as desktop computers or laptops. Consumers are reminded to download applications only from trusted sources. As cybercriminals’ mode of operations and the malware are constantly evolving, visit your bank’s website for more information, latest updates and malware signs to watch out for,” said Ong-Ang Ai Boon, Director of ABS.