A lot of people I speak with seem to be under the unfortunate impression that smartphones are a safe device for conducting business, banking and other sensitive tasks. Those people would be sad to know that in many countries, the Android IOS is now under more attack than Windows.
In fact, in Australia, more than 10% of Android phones have been attacked within the last six months.
But even knowing that, it was shocking to hear that cybercriminals made away with nearly €36 million using Android-based malware. The malware targeted mobile banking users and siphoned away money by performing automatic transfers. It’s estimated that the crooks made away with €500 to €250,000 per attack.
The attack worked by infecting victims’ PCs and mobiles with a modified version of the Zeus trojan. When victims attempted online bank transactions, the process was intercepted by the trojan. Under the guise of upgrading the online banking software, victims were duped into giving additional information including their mobile phone number, infecting the mobile device. The mobile Trojan worked on both Blackberry and Android devices, giving attackers a wider reach.
With victims’ PCs and mobile devices compromised, the attackers could intercept and hijack all the victims’ banking transactions, including the key to completing the transaction: the bank’s SMS to the customer containing the ‘transaction authentication number’ (TAN). With the account number, password, and TAN, the attackers were able to stealthily transfer funds out of victims’ accounts while victims were left with the impression that their transaction had completed successfully. [CheckPoint]
Customers at an estimated 30 different banks were affected by the attacks.
This is the kind of thing that can be prevented with just a few precautions. SumRando recommends using a dedicated browser only for online banking. If you normally use Firefox, use Chrome for banking. And certainly try to avoid banking on your smartphone if at all possible.