in the majority of cases they are used to steal the victim's banking credentials or to bypass the two-factor authentication mechanisms implemented by financial organizations.

It is evident that the cybercriminal black market is specializing its offer in malware that targets Android, exactly as it did for desktop PCs. In the underground market, it is possible to acquire various exploit kits specifically designed for mobile devices that allow criminals to recruit machines into botnets or to organize prolific scams, typically premium SMS and click fraud.

The number of "highly specialized suppliers" who "provide commoditized malware services" is increasing. Popular banking malware such as Zeus, SpyEye and Citadel has been ported to mobile; ZitMo, SpitMo and CitMo are their respective mobile versions.

But the cybercrime industry is very prolific, and several malware attacks are observed on a daily basis. Recently a banking trojan named Droidpak was detected; it targets Windows PCs and tries to install a mobile banking trojan on any Android device connected via USB to the infected machine.

Another recent threat spotted by security experts is the iBanking banking Trojan, malicious code available for sale in the underground for $5,000. These prices are very attractive for criminal gangs, which even with limited cyber capabilities are able to organize large-scale scams by renting or buying all the products and services necessary to conduct financial fraud.

According to RSA's FraudAction Group, iBanking is used to avoid the security mechanisms implemented by banking websites, including two-factor authentication.

In the majority of cases, banking malware gives the attackers total control of the infected mobile device. In the case of iBanking, for example, the malicious code can be commanded via SMS or over HTTP, beaconing to its C&C server at a pre-defined interval. It implements the following features:

- Capture all incoming/outgoing SMS messages
- Redirect all incoming voice calls to a different pre-defined number
- In/out/missed call-list capturing
- Audio capturing via the device's microphone
- Phone book capturing
- URL status: the mobile device will visit a provided URL, returning its status (possibly for click-fraud schemes)
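
The HTTP beaconing at a pre-defined interval described above leaves a regular timing pattern in proxy logs that defenders can look for. The following is an added example, not code from the original article: it flags device-to-host flows whose request gaps are nearly constant. The log format, host names and thresholds are assumptions, and the sample lines are constructed.

```python
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed proxy log lines (assumed format): ISO timestamp, device IP, host.
SAMPLE_LOG = """\
2014-09-01T10:00:00 10.0.0.5 panel.example.net
2014-09-01T10:05:01 10.0.0.5 panel.example.net
2014-09-01T10:10:00 10.0.0.5 panel.example.net
2014-09-01T10:15:02 10.0.0.5 panel.example.net
2014-09-01T10:20:00 10.0.0.5 panel.example.net
2014-09-01T10:25:01 10.0.0.5 panel.example.net
2014-09-01T10:00:10 10.0.0.7 news.example.org
2014-09-01T10:00:45 10.0.0.7 news.example.org
2014-09-01T10:03:20 10.0.0.7 news.example.org
2014-09-01T10:19:05 10.0.0.7 news.example.org
2014-09-01T10:40:30 10.0.0.7 news.example.org
garbage-line
"""

def parse(log_text):
    """Group request timestamps by (device, destination host)."""
    flows = defaultdict(list)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed lines
        try:
            flows[(parts[1], parts[2])].append(datetime.fromisoformat(parts[0]))
        except ValueError:
            continue  # skip lines with an unparseable timestamp
    return flows

def find_beacons(log_text, min_events=5, max_cv=0.1):
    """Return flows whose inter-request gaps have a low coefficient of
    variation (stdev / mean), i.e. a machine-like fixed interval."""
    hits = []
    for (src, host), times in parse(log_text).items():
        if len(times) < min_events:
            continue  # too few requests to judge regularity
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        avg = mean(gaps)
        if avg > 0 and pstdev(gaps) / avg <= max_cv:
            hits.append({"src": src, "host": host, "interval_s": round(avg)})
    return hits

if __name__ == "__main__":
    print(find_beacons(SAMPLE_LOG))
```

Malware that adds jitter to its interval will need a looser `max_cv`, at the cost of more false positives from legitimate polling apps.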




Phishing is another element of concern for mobile banking. Security experts at Lookout Mobile Security discovered a phishing campaign against an Israeli bank which exploited a cloned mobile application.

In phishing attacks specifically designed to hit mobile devices, attackers typically clone the legitimate bank application and try to distribute it through third-party app stores. In the case

13 Cyber Warnings E-Magazine – CTIA Special Edition, September 2014
Copyright © Cyber Defense Magazine, All rights reserved worldwide