Slick $5K Malware-as-a-Service Takes Over Android to Steal Financial Data

Jack

Jan 24, 2011
The powerful iBanking Android malware spreads beyond Russian cyber-gangs.
$5,000 Android malware-as-a-service subscriptions are making the rounds in the underground, originally crafted for powerful Russian cybercrime gangs looking to broaden their attacks on financial institutions. The tool, known as iBanking, comes complete with updates and technical support included in the fee, and is making its way into the hands of less well-funded users.

“iBanking is one of the most expensive pieces of malware Symantec has seen on the underground market, and its creator has a polished, software-as-a-service business model,” the security firm said in its blog on the subject. However, the owner, who goes by the cryptic but effective GFF, is willing to strike a deal with the less well-funded, offering leases in exchange for a share of the profits.

There was also a recent leak of its source code, meaning there could be a significant increase in activity going forward. The leaked version of iBanking is unsupported and contains an unpatched vulnerability, so serious criminals will likely stick with the paid version.

From humble beginnings as a simple SMS stealer, iBanking has evolved into a powerful Android trojan that can steal phone information, intercept voice and SMS communications, record audio through the phone’s microphone, upload contacts lists, geolocate the device, access file systems and program listings, wipe devices remotely, and forward or redirect calls. iBanking specifically goes after Android users, and often masquerades as legitimate social networking, banking or security applications. Once it is installed on the phone, the attacker has almost complete access to the handset.

“[It] is mainly being used to defeat out-of-band security measures employed by banks, intercepting one-time passwords sent through SMS,” Symantec explained. “It can also be used to construct mobile botnets and conduct covert surveillance on victims. iBanking has a number of advanced features, such as allowing attackers to toggle between HTTP and SMS control, depending on the availability of an Internet connection.”

Symantec went on to explain how the infection works:

After unwittingly downloading iBanking, the victim is usually already infected with a financial Trojan on their PC, which will generate a pop-up message when they visit a banking or social networking website, asking them to install a mobile app as an additional security measure.

The user is prompted for their phone number and the device operating system and will then be sent a download link for the fake software by SMS. If the user fails to receive the message for any reason, the attackers also provide a direct link and QR code as alternatives for installing the software. In some cases, the malware is hosted on the attackers’ servers. In other cases, it is hosted on reputable third-party marketplaces.


Read more: http://www.infosecurity-magazine.co...e-takes-over-android-to-steal-financial-data/
 