You are here

Alert: Watch out for HijackRAT - mobile banking malware

6th August 2014

The National Fraud Intelligence Bureau (NFIB) is warning of a new breed of malware developed for the Android platform.

The NFIB have said HijackRAT is a new breed of malware developed for the Android platform that marks a significant development in mobile malware.

As well as being a remote access tool, the malware also siphons private data such as text messages and contact details from the device, and goes after banking credentials by replacing banking apps with a spoofed version of those apps.

The malware deletes antivirus software

In order to evade detection it disguises itself as an app called "Google Service Framework", and has also been observed deleting antivirus software already installed on infected devices.

The NFIB have said the delivery method is not known at this time.

The main target seems to be mobile banking apps, as this malware seems to be aimed at attacking two-factor authentication systems currently popular in mobile banking, by obtaining personal information and access to applications used for authentication.

The malware has not yet been observed targeting UK banks, however analysis by the experts has indicated that it could be adapted very easily to target UK banks as well as the Korean institutions currently targeted.

The NFIB advises mobile banking users on all platforms to take the following steps to reduce the potential for falling victim to this type of malware:

  • Do not download apps except from the official app store for your device. 
  • Before downloading an app check what access it requires, if it asks for access to areas which it shouldn’t need, then be suspicious. Very few apps legitimately need to access your text messages. 
  • Format your device regularly to limit the damage caused in case you do acquire malware. 
  • If possible do not enable JavaScript or active scripts on the browser of your device.

If you think you have been a victim of fraud you should report it to Action Fraud.