Trusteer Uncovers New Android Banking Trojans

Share it on Twitter  
Share it on Facebook  
Share it on Linked in  

Trusteer researchers recently came across new attacks on mobile banking customers that make use of both the SpyEye and Tatanga banking Trojans.

"Windows users are targeted with Web injection attacks against vulnerable desktop Web browsers to trick users into installing a fake banking security application on their phones," writes Threatpost's Paul Roberts. "The malicious application poses as a banking security application that verifies account holders' Web based banking logins using SMS messages. Once installed, the desktop malware asks victims to identify the type of mobile device they use."

"Those not using Android get a message saying their device doesn't need additional protection," writes PCMag.com's Neil J. Rubenking. "Android users get a text message with a link to install the malicious app and also receive an activation code that must be entered at the bank's Web site. Banks already use this kind of interaction for added security, sending a verification code to the user's mobile number on record, so this request seems perfectly normal. Of course, that code goes to the crooks, not to the bank."

"Once installed, the mobile malware captures all SMS traffic, including transaction authorization codes sent by the bank to the victim via SMS, and forwards them to the fraudsters," Help Net Security reports. "This enables the criminals to initiate fraudulent transfers and capture the security codes needed to bypass SMS-based out-of-band authorization systems used by many European banks."

"The mechanics of the attack vary by country and that is perhaps the biggest feature of this attack -- it targets a range of major European online banks, particularly those in Spain and Germany," writes Techworld's John E. Dunn. "'Once fraudsters have infected a victim’s web and mobile endpoints, very few security mechanisms can prevent fraud from occurring,' said Trusteer CTO Amit Klein, whose company offers in-browser tools that specialise in blocking such attacks."