Search This Blog

Powered by Blogger.

Blog Archive

Labels

Showing posts with label Mobile Banking Malware. Show all posts

New Android Trojan SharkBot is Targeting Banking Apps to Steal Financial Credentials

 

Cybersecurity researchers have uncovered a new Android trojan that can circumvent multi-factor authentication on banking apps, putting users' financial data and money at risk.

Dubbed "SharkBot" by Cleafy researchers, the Android malware has been spotted in assaults across Europe and the United States to siphon credentials from smartphones using the Google Android operating system.

"The main goal of SharkBot is to initiate money transfers from the compromised devices via Automatic Transfer Systems (ATS) technique bypassing multi-factor authentication mechanisms (e.g., SCA)," the researchers from cyber security firm Cleafy said in a report.

"Once SharkBot is successfully installed in the victim's device, attackers can obtain sensitive banking information through the abuse of Accessibility Services, such as credentials, personal information, current balance, etc., but also to perform gestures on the infected device." 

According to researchers, SharkBot is modular malware that belongs to the next generation of mobile malware able to perform attacks based on the Automatic Transfer System (ATS) system. The android trojan is equipped with several features, such as the ability to block legitimate banking communications sent via SMS, enable keylogging, and secure full remote control of the exploited devices.

Additionally, the malware poses as a media player, live TV, or data recovery apps and prompts users with rogue pop-ups to grant it wide permissions only to steal private details. Where it stands apart is the exploitation of accessibility settings to carry out ATS attacks, which allow the operators to "auto-fill fields in legitimate mobile banking apps and initiate money transfers from the compromised devices to a money mule network controlled by the cybercriminals." 

The Android trojan employs different anti-analysis and detection techniques to bypass multi-factor authentication on banking apps, including running emulator checks, encrypting command-and-control communications with a remote server, and concealing the app's icon from the home screen post-installation. Till now, no samples of the malware have been spotted on the Google Play Store, depicting that the malicious apps are installed on the users' devices either via sideloading or social engineering techniques.

"The discovery of SharkBot in the wild show mobile malware are quickly finding new ways to perform fraud, trying to bypass behavioral detection countermeasures put in place by multiple banks and financial services during the last years," the researchers stated.

Rise of a Mobile Banking Malware Which Steals Personal Financial Information



The federal cybersecurity agency cautions about the rise of a new mobile banking malware called "EventBot", which purportedly steal personal financial information and says it might influence Android phone users in India, in a most recent advisory.

The Trojan infection may "masquerade as a legitimate application such as Microsoft Word, Adobe flash and others using third-party application downloading sites to infiltrate into victim device” as per an alert issued by the (CERT-In) Computer Emergency Response Team of India, the national technology arm to combat cyber-attacks and guard the Indian cyberspace.

“It has been observed that a new Android mobile malware named EventBot is spreading. It is a mobile-banking Trojan and info-stealer that abuses Android's in-built accessibility feature to steal user data from financial applications, read user SMS messages and intercept SMS messages, allowing malware to bypass two-factor authentication," said the CERT-In warning.

As indicated by the CERT-In the virus "to a great extent target financial apps like PayPal Business, Revolut, Barclays, UniCredit, CapitalOne UK, HSBC UK, TransferWise, Coinbase, paysafecard and so on"

The agency said while "EventBot" has not been "seen" on Google Playstore till now, it can "masquerade" as a certified mobile phone application.

The virus further prompts the users to offer access to their device accessibility services. The advisory claimed that the virus is equipped for recovering notifications about other installed applications and read the contents of various applications.

Over time, it can also read Lock Screen and in-app PIN that can give the attacker more privileged access over victim device,"

The cybersecurity agency has proposed certain counter-measures to check the virus infection within the Android phones: "Do not download and install applications from untrusted sources like unknown websites and links on unscrupulous messages; install updated anti-virus solution; prior to downloading or installing apps even from Google Playstore), always review the app details, number of downloads, user reviews, comments and the 'additional information' section”

Lastly, it requested that users abstain from utilizing unsecured, unknown Wi-Fi systems, and for prior affirming of a banking/financial application from the source organization.

Mobile Banking Malware On The Rise, 50% Hike In Attacks! WhatsApp a Dependable Medium?


According to studies, with an increase of 50% malware attacks have known no bounds in the past year. Most common of all happen to be malware that steals users’ financial data and bank funds.

The banking malware is on the rise in India. According to several sources, over 35% of organizations and institutions in India have been affected by such attacks in 2019 alone.

Among the most common types of malware that India often faces, that steal photographs and contact details from the phone, Adware is a big name as it generates ads on your phone to make money for some other party.

Another variant that isn’t all that trendy in India is a malware that kicks off surveillance on the target’s phone, tracks its GPS location and snips their personal data. What’s more, they could even control your microphone and other mobile phone operations.

What makes banking malware scary is its ability to steal data while the target’s on their phone making payments. Unaware of any malicious activity, the user would have let some cyber-con know all their bank credentials.

WhatsApp is becoming an accessory in the procedures of banking malware. Despite the hefty encryption that’s done on the chat app, hackers keep finding creative ways to exploit even the most minute of vulnerabilities.

In a recent zero-vulnerability case, the malware which was on the video-file message got transmitted as it is onto the receiver’s device.

To make sure that you don’t get malware installed on your device via WhatsApp, keep cleaning all the data and do not open any doubtful files and links.

Phishing attacks are among other common tactics of hackers to attack users and their devices. Suspicious emails, if opened could help the hackers kick off malware in the mailbox and then the attack goes in a way that takes the target to a website and asks them to fill in their personal information.

Downloading apps from third-party stores and straight from the internet is a strict no! Do not open any suspicious files and treat each link and file with equal distrust. If you’re not sure who the sender is, do not consider the file at all, be it on text message or on email.

Connecting to unauthorized or unknown Wi-Fi networks could also pose security issues. With the tag of free networks to lure you in, “man-in-the-middle” attacks could easily be launched.

Mobile phone security is as paramount as the security of your house or any other electronic device. There has got to be a set of security measures in place to work if anything goes south.