Number:IRCNE2014042169
Date: 2014-04-20
According to “computerworld”, cybercriminals have started using a sophisticated Android Trojan app designed for e-banking fraud to target Facebook users, possibly in an attempt to bypass the two-factor authentication protection on the social network.
Security researchers from antivirus vendor ESET have identified a new variant of a computer banking Trojan called Qadars that injects rogue JavaScript code into Facebook pages when opened in a browser from an infected system. The injected code generates a message instructing users to download and install Android malware that can steal authentication codes sent to their phones via SMS.
These man-in-the-browser attacks are known as webinjects and have long been used by computer Trojans to display rogue Web forms on online banking websites with the goal of collecting log-in credentials and other sensitive financial information from users.
Webinjects are also commonly used to display messages that instruct users to download and install malicious applications on their mobile phones by presenting them as security apps required by financial institutions.
In February security researchers from RSA, the security division of EMC, reported that the source code for an advanced Android Trojan called iBanking was released on an underground forum and warned that this development will allow more cybercriminals to incorporate this mobile threat in their future operations.
It's possible that the attackers are using iBanking to steal security codes sent via SMS by Facebook's legitimate two-factor authentication system.
However, it's also possible that attackers have chosen to use webinjects on Facebook because it's an efficient way to distribute the malware to a lot of users without worrying which particular banking sites they regularly interact with.
- 7