
MALWARE AND MOBILE THREAT UPDATE

ANDROID BANKING TROJAN CAN BLOCK CALLS, BANKBOT TROJAN DISGUISED AS GAME, MALWARE STEALS BANKING CREDENTIALS, SEO-OPTIMIZED MALWARE LINKS, IPHONE X JAILBREAK IMMINENT, OLD BANKING TROJAN MAKES A COMEBACK

Welcome to the latest update, where we compile recent headlines and top threats affecting mobile devices. Here are some of the most recent highlights:

Banking Trojan Targets Google Search Results

In a new threat, fraudsters have found a way to take advantage of the prevalence of Google's search engine by using Search Engine Optimization (SEO) to promote the return of the Zeus Panda banking trojan in search results.

The malware comes up in search results when users search using specific banking-related keywords. By ensuring that the link to the malware is displayed in search results, the attackers maximize exposure to the malicious links and can then more easily obtain banking credentials, credit card information, and other sensitive information.

Jailbreak for iPhone® X Possible

Liang Chen of Tencent Keen Lab recently demonstrated the first jailbreak to work on iOS version 11.1.1 running on an iPhone® X. This live demo happened at the POC 2017 security and hacking conference in South Korea.

At this time, there is no known release date for the jailbreak. While lauded by Apple fans, jailbreaks can pose serious security and stability concerns for the device and unsuspecting users.

Banking Trojan Corebot Making a Comeback Via Malicious Spam Emails

Cybersecurity firm Deep Instinct recently detected a new variant of a 2015 banking trojan, CoreBot. According to Deep Instinct, CoreBot is a sophisticated banking malware and information stealer.

CoreBot is being spread once again in new, modified versions. In Deep Instinct's most recent analysis, conducted in September, the malware was distributed using malicious spam emails with Microsoft® Office documents as attachments.

As part of the attack, users receive an email notifying them of an invoice attachment. Once the attachment is opened, an executable is downloaded to two locations on the victim's machine.

New Android Banking Trojan Can Block Incoming Calls

Researchers at SfyLabs discovered a new Android banking trojan dubbed Red Alert 2.0. Unlike other banking trojans, Red Alert 2.0 has the ability to block and log incoming calls, for example calls from a bank seeking to verify suspicious activity, so that the verification process cannot interrupt the malicious activity.

Aside from these new capabilities, Red Alert has the same capabilities as most other Android banking trojans, such as the use of overlay attacks, SMS control and contact list harvesting.

BankBot Trojan Discovered on Google Play Disguised as a Game

Researchers at ESET discovered a BankBot trojan in Google Play disguised as a puzzle game called Jewels Star Classic. The attackers misused the name of the popular legitimate game series Jewels Star by the developer ITREEGAMER.

The BankBot trojan was installed by approximately 5,000 users before it was removed. The attackers were able to bypass Google's malware detection by delaying the malicious activity by at least 20 minutes after installation.

When the unsuspecting user installs the illegitimate Jewels Star Classic by GameDevTony, the infected device shows an alert prompting the user to enable something named "Google Service." After clicking OK, the user is taken to the Android Accessibility menu, where clicking "OK" again grants accessibility permissions to the malware's own accessibility service. By granting these permissions, the user gives the malware the accessibility access it needs to carry out any tasks required to continue its malicious activity.

Malware Steals Banking and Digital Wallet User Credentials

A researcher recently discovered malware, subsequently named XPCTRA, which is capable of stealing banking data and online digital wallet user credentials from services such as Blockchain.info and PerfectMoney.

The malware attempts to induce the victim to open a link to a supposed bank bill, which actually leads to the download of the XPCTRA dropper. Once executed, the dropper connects to an Internet address to download the other malware components responsible for the later malicious actions.

Recommendations

To help protect users and organizations, Ciptor recommends the following security best practices:

  • Stay current with software updates
  • Do not root or jailbreak devices
  • Do not install apps from third-party sources other than the Google Play Store or Apple App Store
  • Lock devices with authentication

Ciptor provides ongoing insights on top trends and technologies to protect your organization’s digital channels in today’s always-on world.
