Yesterday, this humble writer was involved in a minor Twitter spat. Tech site Ars Technica was picked up on a headline it subsequently changed, which had indicated a piece of Android malware was the most expensive Trojan ever seen at $5,000.
As a number of security experts pointed out to the writer of the article, more costly malicious kit has been sold in legitimate deals, like those between governments and surveillance software manufacturers, and on criminal forums. Out of boredom, I only interjected with a few sarcastic comments.
But the iBanking tool should still be a serious worry for the industry. Hackers are getting good at Android malware and they’re updating their software with increasingly neat features.
For starters, the iBanking package is sold via a subscription model, which comes with updates and technical support. This is a professional outfit.
From the victim’s perspective, the malware often comes disguised as legitimate social networking, banking or security applications. Initially, the target will have their PC infected. When they visit their banking site, for instance, they will be asked to download a mobile app. That will then silently pick up any information sent to the phone from the bank.
It’s designed to get around “out-of-band security measures”, in particular those one-time passwords that banks and various online services send by text.
I’ve seen similar services going for less than $5,000. iBanking likely costs more because its creator, who goes by the handle GFF on forums, is adding a load of functionality.
Outside of SMS interception, the malware can also snoop on phone calls, record audio and steal files, amongst many other functions.
“iBanking can be controlled through both SMS and HTTP. This effectively provides online and offline options for command and control. By default, the malware checks for a valid Internet connection,” noted security company Symantec, in a blog post.
“If one is found, it can be controlled over the web through HTTP. If no internet connection is present, it switches to SMS.”
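For defenders triaging a suspect "banking" or "security" app, the capability mix described above can be checked against a decoded AndroidManifest.xml. This is an added example, not code from the article, Symantec or RSA; the permission-to-capability mapping, the `triage` function and the sample manifest are assumptions, since the article does not list iBanking's actual permissions.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"
SMS_RECEIVED = "android.provider.Telephony.SMS_RECEIVED"
P = "android.permission."
# Assumed mapping from capabilities named in the article to standard Android
# permissions; the article does not publish iBanking's real manifest.
CAPABILITIES = {
    "sms_interception": {P + "RECEIVE_SMS", P + "READ_SMS"},
    "sms_control_channel": {P + "RECEIVE_SMS", P + "SEND_SMS"},
    "http_control_channel": {P + "INTERNET"},
    "call_snooping": {P + "READ_PHONE_STATE", P + "PROCESS_OUTGOING_CALLS"},
    "audio_recording": {P + "RECORD_AUDIO"},
    "file_theft": {P + "READ_EXTERNAL_STORAGE"},
}
# Constructed sample: decoded manifest of a hypothetical "bank security" app.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android">
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.RECORD_AUDIO"/>
  <application><receiver android:name=".SmsHook">
    <intent-filter android:priority="999">
      <action android:name="android.provider.Telephony.SMS_RECEIVED"/>
    </intent-filter></receiver></application>
</manifest>"""

def triage(manifest_xml):
    """Map requested permissions to capabilities and flag the risky combination."""
    root = ET.fromstring(manifest_xml)
    perms = {e.get(ANDROID + "name") for e in root.iter("uses-permission")}
    caps = sorted(c for c, need in CAPABILITIES.items() if need <= perms)
    # A positive-priority SMS_RECEIVED filter is delivered incoming texts
    # ahead of lower-priority receivers in the ordered broadcast.
    priority_sms = False
    for f in root.iter("intent-filter"):
        actions = {a.get(ANDROID + "name") for a in f.iter("action")}
        prio = f.get(ANDROID + "priority", "0")
        if SMS_RECEIVED in actions and prio.isdigit() and int(prio) > 0:
            priority_sms = True
    dual = {"sms_control_channel", "http_control_channel"} <= set(caps)
    return {
        "capabilities": caps,
        "priority_sms_receiver": priority_sms,
        "dual_channel": dual,
        "suspicious": "sms_interception" in caps and (priority_sms or dual),
    }

if __name__ == "__main__":
    print(triage(SAMPLE_MANIFEST))
```

A hit is a reason to look closer, not a verdict: legitimate messaging apps request some of the same permissions.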
It appears some high-profile hacking crews in Eastern Europe are running iBanking operations, but many more look set to use the malware. That’s largely because the source code for the tool was leaked in February, making it cheap and easy to set up an iBanking campaign.
Meanwhile, security firm RSA has seen iBanking securing its infrastructure. “iBanking now employs stronger encryption methods to hide its resources and uses packers and obfuscators to protect its code from reverse-engineering attempts and anti-virus detection,” it said in a blog post.
Put simply, iBanking is a nasty piece of kit that users ought to be aware of. “Our continued analysis of the iBanking mobile bot reveals an advanced and mature malware that targets Android devices,” RSA added. “The iBanking malware shows that mobile malware developers are becoming aware of the necessity to protect their bots against analysis, and indicates a possible new trend in this new and evolving mobile malware space.”
The best advice is to not download apps that banking services appear to be pushing at you. It’s likely they could be malicious.
by pbriden via Featured Articles