ID: IRCNE2014022114
Date: 2013-02-24
According to "computerworld", the source code for an Android mobile banking Trojan app was released on an underground forum, making it possible for a larger number of cybercriminals to launch attacks using this kind of malware in the future.
The malware app, which the RSA researchers call iBanking, is used in conjunction with PC malware to defeat mobile-based security mechanisms used by banking sites.
Most PC malware that targets online banking users can inject content into browsing sessions. This capability is used to display rogue Web forms on banking sites in order to steal log-in credentials and other sensitive financial information from users.
Many banks responded to these threats by implementing two-factor authentication and transaction authorization systems that work by sending unique one-time-use codes to their customers' registered phone numbers via SMS.
The iBanking malware was distributed "through HTML injection attacks on banking sites, social engineering victims into downloading a so called 'security app' for their Android devices," the RSA researchers said Thursday in a blog post.
In addition to capturing incoming and outgoing text messages, the iBanking app can redirect calls to a pre-defined phone number, capture audio from the surrounding environment using the device's microphone and steal data like the call history log and the phone book, the researchers said.
The malware connects to a command-and-control server that allows attackers to issue commands to each infected device, making iBanking not just a Trojan app, but a botnet client.
As a result of this recent code leak, "Trojan botmasters are now in a better position to incorporate this advanced mobile counterpart in their PC-based attacks, affording them control over their victims' smartphones," the RSA researchers said.
"This highlights the need for stronger authentication solutions capable of validating users' identities using multiple factors including biometric solutions."
- 2