silversurfer
Level 85
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Well-known
- Aug 17, 2014
- 10,176
The Wroba mobile banking trojan has made a major pivot, targeting people in the U.S. for the first time.
According to researchers at Kaspersky, a wave of attacks are taking aim at U.S. Android and iPhone users in an effort that started on Thursday. The campaign uses text messages to spread, using fake notifications for “package deliveries” as a lure.
The message inside the SMS contains a link and reads, “Your parcel has been sent out. Please check and accept it,” noted researchers from Kaspersky, in an emailed alert on Friday.
If users click on the link, the next thing that happens depends on which operating system is used by the device. A click takes Android users to a malicious site, which in turn surfaces an alert to users saying that the browser is out-of-date and needs to be updated. If the user clicks ‘OK’, next the downloading of a trojanized browser package with the malicious application begins.
But where Android users are served up the full Wroba download, according to researchers, the executable doesn’t work on iPhone. For iOS users the Wroba operators instead engineer a redirect to a phishing page. The page mimics the Apple ID login page in an effort to harvest credentials from Apple aficionados, but no malware is installed.
Wroba Mobile Banking Trojan Spreads to the U.S., via Texts
The Roaming Mantis group is targeting the States with a malware that can steal information, harvest financial data and send texts to self-propagate.
threatpost.com