Millions of Android users warned over FAKE lock screen that steals their phone’s PIN and raids bank accounts

Date: 2024-10-21

MILLIONS of Android users are warned over a fake lock screen that steals their phone’s password and raids bank accounts.

Experts have issued warnings after an Android-specific banking virus was found to have new variants.

a person is typing on a laptop with an exclamation point on the screen
Getty
Experts have found a surge in dodgy bugs attempting to steal banking information on Android devices[/caption]

A staggering fourty new variants of the TrickMo Android banking trojan have been identified.

They have been designed specifically with the intent to steal Android pins, according to reports in Bleeping Computer.

Not all variants have entered variation yet but Trickmo was first documented in September 2019, its first known attack.

Key new features include interception of a one-time password, screen recording and more.

The malware tries to take advantage of a device’s powerful accessibility service permissions so that it can grant itself extra permissions and tap on prompts automatically.

The banking trojan then confronts affected users with phishing login screens to various banks in a bid to steal their credentials so attackers can perform unauthorised transactions.

Experts from US mobile security firm Zimperium have looked into the variants and noticed a dodgy new deceptive unlock screen.

It mimics the real Android unlock prompt and this is how they get their victims.

“The deceptive User Interface is an HTML page hosted on an external website and is displayed in full-screen mode on the device, making it look like a legitimate screen,” Zimperium reports.

They added: “When the user enters their unlock pattern or PIN, the page transmits the captured PIN or pattern details, along with a unique device identifier (the Android ID) to a PHP script.”

And stealing the PIN means cyber criminals can unlock the device when it’s not actively monitored to commit fraud – particularly late at night.

Zimperium found a whopping 13,000 victims known to be affected by the nasty malware.

Most were found in Canada but people in the UAE, Turkey, and Germany were also identified as victims.

Zimperium explained: “We discovered millions of records within these files, indicating the extensive number of compromised devices and the substantial amount of sensitive data accessed by the Threat Actor.”

The virus is spreading through phishing so to reduce the risk of falling victim, the experts say it’s best to avoid downloading apps on Google Play through SMS links or direct messages by people you don’t know.

Google Play Protect identifies and blocks known variants of TrickMo so it’s important to check it’s active and protecting your device.

a phone screen shows a drow unlock pattern and an enter pin screen
Zimperium
A dodgy unlock system mimicking the Android version has been used by hackers[/caption]
a screenshot of a scotiabank adcb and bmo app
Zimperium
Victims have been found all over the world including in Canada and the UAE[/caption]

Leave Your Comments