Android business users targeted by mafia-made malware app
Android banking malware has become powerful mobile Trojan, say experts
A new malware named "iBanking" is being used by Russian cybercrime gangs to infiltrate the business and finance sectors.
The tool is one of the most expensive pieces of malware sold on underground markets, according to security company Symantec. Its designer even distributes the virus with a Software-as-a-Service (SaaS) business model.
Creator "GFF" sells the toolkit complete with updates and support for $5,000 (3,000), taking a cut of the profits if buyers can't afford the subscription fee.
iBanking masquerades itself as a legitimate security app, targeting those who use their device to send and store secure information. The first stage of infection usually occurs when a desktop is already infected with a financial Trojan.
When the Trojan detects the user is on a banking website, it sends a pop-up recommending they download iBanking. They are then prompted for their phone number and sent a text with a link to download the app. If for some reason the victim can't receive the text, the malware offers direct links and even a QR code as alternatives.
Once downloaded, the app allows the attacker complete access to all communications sent by the victim. iBanking sits in the device, recording conversations and texts, waiting for the victim to reveal sensitive information which it then relays back to the hacker.
Originally an SMS-stealing malware, iBanking has evolved to become a powerful Trojan, capable of recording calls and texts as well as redirecting communications and even controlling a device's microphone. It can be operated through both SMS and HTTP, giving both offline and online forms of control to the attacker.
Get the ITPro. daily newsletter
Receive our latest news, industry updates, featured resources and more. Sign up today to receive our FREE report on AI cyber crime & security - newly updated for 2024.
The source code for the malware was leaked in February, resulting in a marked increase in the amount of infections. The more professional cybercrime gangs, however, are still buying up the "official" version, according to Symantec.
"Symantec predicts that this upsurge in activity will continue as news of the leaked source code spreads through the underground," the company said in a blog post.
"However, we believe that the more professional cybercrime groups will continue to pay for the product, allowing them to avail of updates, technical support and new features."
Android users should be wary of any SMS messages that contain links to download application package files, especially outside of the official stores. Keeping your desktop's antivirus solutions up to date will help stop any financial Trojans prompting users to get the app, too.