Malware News Malware Empties Bank Accounts While Users Desperately Try to Unlock Their Phones

Alkajak

Thread author
Android malware coders have come up with a clever trick to mask fraudulent bank transactions, operating by changing the user's smartphone PIN, then locking the device, and by doing so keeping him busy while they empty his bank account.

The first version of this malware appeared in December 2015, but went mostly unreported, targeting a small number of users. Since then, this Android malware, known as the Fanta SDK, has evolved in capabilities but has kept its mode of operation the same.

Malicious banking apps spread via fake bank notification emails
Trend Micro, the security firm that discovered this threat, says that crooks are using spam emails to distribute their malware-laced applications.

A user first receives an email with his bank's email address spoofed, and he's told that a new security update for his banking application was recently released and that he should update his app. Right now, the app only targets the users of Russian banks.

If the user has one of those apps installed on his phone, he'll likely follow the download link included in the email and download the app on his phone. It is recommended that users update the mobile banking app through the Google Play Store, and not via manual downloads.

Malicious app needs admin privileges to show phishing screens
After the user downloads and installs the app, he'll be prompted to grant it administrative privileges. Trend Micro experts explain why users should not give any suspicious app admin privileges.

“Keep in mind that most legitimate apps do not request admin privileges. This is a common red flag users should catch early when dealing with mobile malware.”

After the app gets admin privileges, it will wait for the user to launch the mobile banking app of a targeted bank. At this point, the app will show a popup through which it phishes the user's banking credentials, and then redirect him to the legitimate app.

The malicious app then sends these credentials to the crooks' server, and the crooks will use them to make fraudulent transactions.

Malware will also change your PIN when you try to uninstall it.

Full Article: Malware Empties Bank Accounts While Users Desperately Try to Unlock Their Phones
 
