Fanta SDK is an Android Malware that could empty your bank account

Apparently hackers are always on the prowl—working tirelessly to make life miserable for the Internet community. Your bank account could be the next target—and that is exactly what the Android malware known as the Fanta SDK is out to do.

The first version of the malware was sighted in December 2015 but did little damage, as only a small number of users fell victim, reports Softpedia. However, it seems to have returned with the capability to cause further damage to Android users.

Malware coders seem to have devised a clever way of masking fraudulent bank transactions. A user’s smartphone PIN is changed, while the device is locked—thereby keeping him busy while his bank account is emptied in the process.

How fake bank notifications are spread by malicious banking apps

Explaining how malicious banking apps send fake email alerts, Trend Micro, the security company that blew the lid off Fanta SDK, says that criminals use spam emails to spread their malware-laced apps.

According to the company’s explanation, a user first receives a fake email purporting to have been sent by his bank. Such emails usually contain instructions for the recipient or inform him of a new update. He is then instructed to update to the latest version of his bank’s app in order to continue to use it without interruption. The report, however, adds that the app only targets account owners of Russian banks.

Any user who has any of those apps installed on his Android phone is likely to follow the download link that comes with the fake email sent by the criminals. After installation, the app asks the user to grant it administrative privileges. Trend Micro advises users not to grant administrative privileges to suspicious apps, which is akin to handing the keys to your vault to an invader.


Original Sberbank of Russia app (left) and fake app (right)

“The malware also runs on all Android versions. Once the app has been installed, it will wait for users to go to the phone settings menu, then asks users to run the app with admin privileges. Keep in mind that most legitimate apps do not request admin privileges. This is a common red flag users should catch early when dealing with mobile malware. When a user does allow the app admin privileges, the bank’s welcome page pops up and asks the user for their user ID and password,” the company said.

Once granted administrative privileges, the Fanta SDK waits for you to launch the mobile banking app of a targeted bank. This is soon followed by a popup through which it phishes your banking credentials, and then redirects you to the legitimate app.

Finally, the malicious app sends your credentials to the criminals’ server where they are then used for fraudulent transactions.

Things are about to get out of hand

When you get suspicious because the app prompts you to grant it administrative privileges, and you want to uninstall it from your smartphone, things get dirty at that point. The Fanta SDK, which comes with a self-protection feature, automatically sets a random smartphone PIN and then locks the device!

Once detected, the malware makes a quick sweep of your bank account—leaving you with little or no time to try to unlock your phone. However, this could leave you with enough time to alert your bank to take necessary actions to stop the malware from causing further damage.

Safety tips

  1. Do not fall for fake emails purportedly sent by your bank asking you to update any app on your smartphone. This could be a ploy by crooks to target and empty your bank account.
  2. Don’t update or download banking apps from third-party websites other than the Google Play Store.
  3. Report any suspicious email to your bank before taking further actions.
  4. Don’t give away your password or expose your user ID to anyone online.

Author: Ola Ric

Ola Ric is a professional tech writer. He has written and provided tons of published articles for professionals and private individuals. He is also a social commentator and analyst, with relevant experience in the use of social media services.
