Posted in: Blog, Posted On: Feb 27, 2014, Posted By: cyberinfoadmin
Android iBanking Trojan Source Code Leaked
Since many banking sites use two-factor authentication and transaction authorization systems in order to deal with the various threats, by sending unique one-time-use codes to their customers’ registered phone numbers via SMS, cyber criminals in order to defraud them, have started to create various mobile malware like iBanking to serve their purpose!
According to Security Researcher Daniel Cohen, the iBanking mobile bot is relatively new to the mobile malware arena, and has been available for sale in the Underground Hacking Marketplace [Forum Link] since late last year for $5,000.
“We first saw the iBanking malware was distributed through HTML injection attacks on banking sites, social engineering victims into downloading a so called ‘security app’ for their Android devices.“, said the RSA researchers in a blog post.
“The malware is an example of the ongoing developments in the mobile malware space and we are now seeing the next generation of malicious apps being developed and commercialized in the underground, boasting web-based control panels and packing more data-stealing features.”, said Daniel and added that
“The malware’s ability to capture SMS messages and audio recordings, as well as divert voice calls makes step-up authentication all the more challenging as fraudsters gain more control over the OOB device. This highlights the need for stronger authentication solutions capable of validating users’ identities using multiple factors including biometric solutions.”