Experts Say Malware Can Attack Android Users Via Facebook
by: Bryon Turcotte / April 22, 2014
According to a recent article published on the Security Week website, Facebook members are now being targeted by cyber attackers with "_Google Android malware_" to conquer a "_common authentication mechanism_" used by the banking system. This malware, called iBanking, can _"steal SMS messages_", "_redirect incoming phone calls_" and "_capture audio using the device's microphone," according to the report. However, additional information released in the report shows that iBanking is not the originator of this issue – it begins with an infection in the user's computer.
Researchers at ESET, an IT security company headquartered in Bratislava, Slovakia, have been monitoring "Win32/Qadars_", an infectious "_banking Trojan_" which launches theattackaccording to thearticle. According to the report, the company determined during the monitoring process that "_the Trojan was spotted attempting to get victims to install iBanking_". Jean-Ian Boutin, an ESET researcher, was quoted in thearticleto say, "_As reported by independent researcher Kafeine, this mobile application [iBanking] was for sale in underground forums and was used by several banking Trojans in an attempt to bypass a mobile two-factor authentication method put forth by some financial institutions."
Boutin, as quoted further in the article, continued to add how the "source code of themalware_", "_the web admin panel source_" and a "_builder script_" was "_leaked_" on several "_underground forums_". He clarified that that with this information and ability a potential attacker can then "_adapt the mobile malware to another target_" and start implementing "_some creative uses of the iBanking application._" Thearticlecontinues to state that, as Boutin outlined, once aFacebookuser logs into their account, the malware "_injects a fake verification page into the site and requests the user's mobile phone number and asks what mobile operating system the phone uses." Android phones will "_be shown a message stating a text message is on the way_" which will when received "_ask the user to click on a link_" which moves the attack along, according to the report.
Read more about this type of attack in the complete article and how researchers say that an installation of iBanking proves to be a common occurrence today.