Facebook members are now being targeted by cyber attackers using “Google Android malware” to defeat a “common authentication mechanism” used by the banking system, according to a recent article published on the Security Week website. This malware, called iBanking, has the ability to “steal SMS messages”, “redirect incoming phone calls” and “capture audio using the device’s microphone”, according to the report. The report also shows that iBanking is not where the attack starts: it begins with an infection on the user’s computer.
Researchers at ESET, an IT security company headquartered in Bratislava, Slovakia, have been monitoring “Win32/Qadars”, a “banking Trojan” that launches the attack, according to the article. During that monitoring the company determined that “the Trojan was spotted attempting to get victims to install iBanking”, according to the report. Jean-Ian Boutin, an ESET researcher, was quoted in the article as saying, “As reported by independent researcher Kafeine, this mobile application [iBanking] was for sale in underground forums and was used by several banking Trojans in an attempt to bypass a mobile two-factor authentication method put forth by some financial institutions.”
Boutin, as quoted further in the article, went on to say that the “source code of the malware”, “the web admin panel source” and a “builder script” were “leaked” on a number of “underground forums”. He clarified that with this information and ability a potential attacker can then “adapt the mobile malware to another target” and start implementing “some creative uses of the iBanking application.” The article continues to state that, as Boutin outlined, once a Facebook user logs into their account, the malware “injects a fake verification page into the site and requests the user’s mobile phone number and asks what mobile operating system the phone uses.” Android users will “be shown a message stating a text message is on the way”, and that text message, when received, will “ask the user to click on a link”, which moves the attack along, according to the report.
Read more about this type of attack in the full article, including how researchers say that an installation of iBanking is a common occurrence today.