The security firm Trusteer reports that new
Web-based attacks are targeting Android smartphone users in a campaign to
circumvent two-factor sign-on features used by many banks to protect account
holders.
http://www.computerworlduk.com/news/mobile-wireless/3369164/android-trojan-attacks-sms-smartphone-bank-security/
Writing on the Trusteer blog on Tuesday, CTO
Amit Klein of Trusteer said that researchers there have identified new attacks
against mobile banking customers that use both the SpyEye and Tatanga banking
Trojans. The attacks, which target Android mobile device users, but not those
of other platforms, is the latest evidence that cyber criminals are
concentrating on Google's Android platform, which makes up 51% of the mobile
smart phone market in the U.S. and between 46% and 61% in the major European
markets.
Klein said the new attacks are variations of
those that have been circulating in the last year. Windows users are targeted
with Web injection attacks against vulnerable desktop Web browsers to trick
users into installing a fake banking security application on their phones. The
malicious application poses as a banking security application that verifies
account holders' Web based banking logins using SMS messages.
Once installed, the desktop malware asks
victims to identify the type of mobile device they use. Victims who use an
operating system other than Android are told that no other action is required.
Android users, however, are asked to provide their phone number. A link for
downloading the malicious application is then sent to the phone.
Trusteer has identified the same application
being pushed by both the SpyEye and Tatanga malware, suggesting that the same
criminal group is using two different malicious applications to support their
scam.
Once installed, the mobile malware captures SMS
(short message service) traffic. That includes authorization codes sent by the
victim's bank to their mobile phone. SMS messages are forwarded to the
fraudsters, allowing them to initiate fraudulent transactions and transfers,
then capture the SMS codes needed to authorize them.
Trusteer said the attacks, which began in June,
use malicious Web sites hosted in China and the U.S. Those Web sites are not
currently active, Trusteer said.
Android, Google's open source mobile
application, has struggled with the issue of malicious mobile applications
since launching. Kaspersky Lab researchers warned of an outbreak of the Zeus
Trojan posing as Android malware in June, and of a suspicious application that
stole users phonebooks which was circulating on Google's Play marketplace and
Apple's App Store in July. In February, Google introduced the Bouncer
application to help vet applications that were submitted to its mobile
marketplace. However, researchers quickly figured out ways to fool Bouncer's
automated code auditing.
Reference: