Stories
Slash Boxes
Comments

SoylentNews is people

posted by Dopefish on Sunday February 23 2014, @12:00PM   Printer-friendly
from the stick-to-a-real-human-teller dept.
berrance writes "ITworld reports that the source code for the Android mobile banking Trojan app "iBanking" has surfaced via an underground forum. The software has been masquerading as a security app appearing on banking sites, via HTML injection attacks. In addition to serving as a Trojan, this app is also a bot net client, which 'connects to a command-and-control server that allows attackers to issue commands to each infected device.'"
 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 1) by sibiday fabis on Sunday February 23 2014, @07:00PM

    by sibiday fabis (2160) on Sunday February 23 2014, @07:00PM (#5276)

    FTA:"Trojan botmasters are now in a better position to incorporate this advanced mobile counterpart in their PC-based attacks, affording them control over their victims' smartphones..."

    Sadly, there's an easily exploitable malware vector for this. The same users that install the "Free-Fix-My-Email-and-Smileys-and-Screensavers! Toolbar" and "Best Windows Anti Virus Tuneup Easy Microsoft Cleaner Free" type of software will fall for this, and its a big group. Anything that claims to fix a problem or make something easier to accomplish for free is clickbait. Sometimes it only takes one failed connection to their banking site and they'll be off to find the "fix".

    Typically, they won't bother to call their bank. They will open a new tab (login for the bank site still open in the old tab), use their likely already hijacked search to look for a solution and click on the first shiny ad that seems to match the problem. Even if they don't try to install anything, the almost certainly out of date add-ins in their browser have vulnerabilities that enable a silent download. Game over, PC and phone infected.

    Uninformed users make this type of malware successful. I try to teach every customer basic safety practices so they at least have a fighting chance against this stuff. I'm happy to say that most people get it, but sometimes it takes two or three service calls before they pay attention.