Cyber attack hits millions of Australian and New Zealander bank customers

It’s not the ideal way to start your lunch break but news has just come in that millions of customers of Australia’s banks are the target of a sophisticated attack which steals banking details.

According to Brisbane Times, customers of the Commonwealth Bank, Westpac, National Australia Bank and ANZ Bank are all at risk from malware which hides on infected Android mobile devices. It waits until users open mobile banking apps then places a fake login screen over the top of the legitimate login so it can steal your details.

Over 20 mobile banking apps in Australia and New Zealand are affected, and even the login screens for PayPal, eBay, Skype and WhatsApp have been hit by a similar scam.

Apart from Australia’s Big Four banks, the malware targets a range of other financial institutions including Bendigo Bank, St. George Bank, Bankwest, ME Bank, ASB Bank, Bank of New Zealand and Kiwibank.

The malware can also steal authentication codes sent to your mobile device. Once it has access to this information, thieves can log into a victim’s online banking account from anywhere in the world and transfer funds.

“This is a significant attack on the banking sector in Australia and New Zealand, and shouldn’t be taken lightly,” ESET senior research fellow Nick FitzGerald told Fairfax.

“While 20 banking apps have been targeted so far, there’s a high possibility the e-criminals involved will further develop this malware to attack more banking apps in the future.”

So what can you do?

If you have an Android device, go to Settings > Security > Device Administrators and check whether ‘Flash Player’ is in the list. If it is, you can remove it from this list. A fake alert will come up saying you shouldn’t, but it’s safe to go ahead.

It is then possible to uninstall the malware via Settings > Apps/Application manager > Flash Player > Uninstall.

If you have any further concerns, you should contact your manufacturer, or do a hard reset of your phone (after saving all important information).

The malware does not affect Apple phone users.



  1. Russell McMahon  

    The “fix” listed above will work for a ‘Flash’ based attack BUT disabling Flash will also disable all legitimate Flash based applications, and will leave the malware in place to be re-enabled at some future date when an app is installed or enabled that uses Flash player legitimately.

    A far far far …. better approach is to run a ‘proper’ malware remover. One such is the free and well regarded “360 Security”. Available free from:

    They say:

    “360 Security is one of the most popular and highly rated antivirus Android apps available right now with over 100 million downloads and 10 million ratings resulting in a 4.6 overall rating. This antivirus and anti-malware app comes with a ton of features, including the ability to scan your device files for malware, scan your apps and games, enable real-time protection, and even comes with an anti-theft feature. You can also use the app’s built in cleaner and booster service if you want, but the validity of those types of features aren’t particularly substantiated. Perhaps the most useful feature for this one is an app lock that lets you password protect any app on your device which is great for keeping nosy people away. The best part? It’s completely and totally free.”


    Ref: Iain McMahon recommended 360 security.
