An Android banking trojan is on the prowl, probably affecting some 232 mobile apps, including several mobile payments apps of India banks, including State Bank of India, HDFC Bank. ICICI Bank and Axis Bank. IT security firm Quick Heal has sounded this alarm based on its research of malware that is in circulation. Quick Heal said the malware known as ‘Android.banker.A2f8a’ is being distributed by fraudsters through a fake Flash Player app on third-party stores. Upon downloading the app, it keeps checking for the installed apps on the infected device and particularly looks for the 232 banking and cryptocurrency apps. Once any of the targeted apps is found on the device, the app shows fake notifications disguised as coming from the targeted app and asks users to log in with their credentials and ultimately tricks them by stealing their login ID and password. Sanjay Katkar, JMD and CTO at Quick Heal, said users are advised to avoid downloading apps from third party app stores or links provided in SMSs and emails to keep their credentials safe.