Android malware spreads via Facebook to be ...

Android malware spreads via Facebook to be …

April 23, 2014

It’s about a bot It can capture SMS messages, redirect incoming voice calls, or capture audio using the device’s microphone. In addition, it seeks to enter the administrators of the device making it difficult to uninstall

ESET Research Laboratory detected iBanking, a malicious app for android which, when installed in a mobile phone, is capable of spying on the communications developed in it. East bot it has the ability to intercept incoming and outgoing SMS messages, redirect calls, and even capture audio from the device’s microphone.

This application was for sale on underground forums and was used by various banking Trojans with the aim of bypassing the two-factor authentication method on mobile devices. Within the financial world, this method is called “mobile transaction authorization number” (mTAN in English for “Mobile transaction authorization number”) Or mToken, and is used by several banks in the world to authorize banking operations, but it is being increasingly used by Internet services such as Gmail, Facebook and Twitter.

From the monitoring of the Win32 / Qadars banking Trojan, it has been observed that it uses Javascript and spreads on Facebook pages, seeking to tempt users to download an Android application. By entering their phone number, if the victim indicates that they have Android, they are directed to a certain page. If somehow the SMS fails to reach the user’s phone, you can also click on the image URL or use the QR code. In addition, there is also a guide available that explains how to install the application.

The way iBanking is installed is quite common, but it is the first time that a mobile application has been observed that is targeting Facebook users for fraud. Although Facebook’s double factor authentication has been around for some time, it may be that an increasing number of people are starting to use it, making account theft through traditional methods ineffective. It can also be a good way to make the user install iBanking on their phone, so that the botmasters can use the other spying capabilities of the malware.

iBaking is detected by ESET as Android / Spy.Agent.AF, and it is an application that exhibits complex features compared to previous mobile banking malware.

[+] Videos de nuestro canal de YouTube