A Mobile software company Cheetah Mobile has identified a malicious piece of Android malware that replaces the legitimate banking apps with fake versions.
According to the Cheetah Mobile report, the Trojan disguises itself as popular game or application on third party android application markets in Korea and tricks users into installing the app.
Once it is installed, the Trojan searches for the official online banking applications of south Korean Banks including Nong Hyup Bank, Sinhan Bank, Woori, Kookmin, Hana N Bank, Busan Bank and Korean Federation of Community Credit Cooperatives.
If one of these banking apps is found to be installed on the victim's device, the malware displays an alert saying that the banking app needs to be updated. Once the update is approved, the legitimate banking app will be replaced with the fake one.
The fake version then asks victims to enter the password to their security certificate(which is required by the South Korean government in order to access many online services).
The app then asks victims to provide their bank account number, passwords and bank security number.
At the end, the malware simply displays a fake error message informing victims that there is no Internet connection. The malware then deletes itself from the device.
"With the information that they stole, the hackers can apply for a new certificate, which they then use to freely access the victim's bank account."says Cheetah Mobile.
The company said more than 3,000 devices have been infected in the last week alone.