Quick Heal Security Labs has spotted an Android banking Trojan that imitates more than 232 apps including those offered by Indian banks. The malware is known as Android.banker.A2f8a (previously detected as Android.banker.A9480). According to researchers at Quick Heal Security Labs, Android.banker.A2f8a is being distributed through a fake Flash Player app on third-party stores. After getting downloaded, it keeps checking for installed apps on the victim\u2019s device and particularly looks for the 232 banking and cryptocurrency apps. Once any of the targeted apps is found on the device, the app shows fake notifications disguised as coming from the targeted app and asks users to log in with their credentials and ultimately tricks them by stealing their login IDs and passwords. Sanjay Katkar, joint MD and CTO, Quick Heal Technologies, has said users should avoid downloading apps from third party app stores or links provided in SMSes and emails to keep their credentials safe. In addition, users should install a reliable mobile security solution that detects and blocks malicious apps before they infect device and steal sensitive data, Katkar said. Quick Heal Security Labs is the threat research and response division of Quick Heal Technologies, one of the leading providers of IT security solutions. According to the Quick Heal Lab, after installing the malicious app, it will ask the user to activate administrative rights. And even if the user denies the request or kills the process, the app will keep throwing continuous pop-ups until the user activates the admin privilege. Once this is done, the malicious app hides its icon soon after the user taps on it. In the background, the app carries out malicious tasks \u2013 it keeps checking the installed app on the victim\u2019s device and particularly looks for 232 apps (banking and some cryptocurrency apps). If any one of the targeted apps is found on the infected device, the app shows a fake notification on behalf of the targeted banking app. If the user clicks on the notification, they are shown a fake login screen to steal the user\u2019s confidential info like net banking login ID and password. The malware can also intercept all incoming and outgoing SMSs from the infected device which enables attackers to bypass SMS-based two-factor authentication on the victim\u2019s bank account (OTP), said Quick Heal Research. The malware is also able to send SMSes with a dynamically received text and number from the server\u2019s side. The malware can also set the device\u2019s ringer volume silent in order to suppress SMS notifications.