A lot of people I speak with seem to be under the unfortunate impression that smartphones are safe devices for conducting business, banking and other sensitive tasks. Those people would be sad to know that in many countries, the Android OS is now under more attack than Windows.
In fact, in Australia, more than 10% of Android phones have been attacked within the last six months.
But even knowing that, it was shocking to hear that cybercriminals made off with nearly €36 million using Android-based malware. The malware targeted mobile banking users and siphoned away money by performing automatic transfers. It’s estimated that the crooks made off with €500 to €250,000 per attack.
The attack worked by infecting victims’ PCs and mobiles with a modified version of the Zeus trojan. When victims attempted online bank transactions, the process was intercepted by the trojan. Under the guise of upgrading the online banking software, victims were duped into giving additional information, including their mobile phone number, and the mobile device was then infected as well. The mobile trojan worked on both BlackBerry and Android devices, giving attackers a wider reach.
With victims’ PCs and mobile devices compromised, the attackers could intercept and hijack all the victims’ banking transactions, including the key to completing the transaction: the bank’s SMS to the customer containing the ‘transaction authentication number’ (TAN). With the account number, password, and TAN, the attackers were able to stealthily transfer funds out of victims’ accounts while victims were left with the impression that their transaction had completed successfully. [CheckPoint]
Customers at an estimated 30 different banks were affected by the attacks.
This is the kind of thing that can be prevented with just a few precautions. SumRando recommends using a dedicated browser only for online banking. If you normally use Firefox, use Chrome for banking. And certainly try to avoid banking on your smartphone if at all possible.