Friday, June 28, 2013

New Breed of Banking Malware Hijacks Text Messages

So now two-factor authentication using your cell phone might not be enough to protect you.

New Breed of Banking Malware Hijacks Text Messages "But RSA's Anti-Fraud Command Center on Monday found and reported on a Trojan called Bugat that has been updated to hijack out-of-band authentication codes sent to bank customers via SMS. This doesn't mean out-of-band authentication via text messaging is useless, but it can be compromised using a dated, unsophisticated piece of malware."

First some standard malware installed via the usual means.

"When the customer logs into his online banking account from the infected machine, the Trojan will pop up a screen created via web injection. One created by the Bugat Trojan will tell the victim he needs to install security for his phone to protect his mobile banking transactions. It will ask him for his phone number and the type of mobile platform he uses (Android, iOS, BlackBerry, etc.) The customer is then provided with a link to download the security application on a third-party site."

So this doesn't work on iPhones since you can only install stuff from the App Store. On Android the default is to only allow installs from Google Play store but you can change that to allow 3rd party installs. So once you install the software, it asks for ams permissions, looks for bank messages, etc.

"The Bugat Trojan is private malware developed by Russian-speaking developers for a closed gang, Kessem says. It's been in operation since 2010, but the nature of the attacks it's used for has changed and the SMS component is new."

No comments: