Massive 20-fold increase in Trojans targeting mobile banking – Kaspersky
Published time: February 27, 2014 10:43
Reuters / Kim Hong-Ji
Kaspersky Labs is reporting an incredible 20-fold explosion in the theft of financial details from mobile devices. Fully 98 percent of malware is breaching banking apps made for Google’s Android OS platform, the IT security company says.
“Cybercriminals have become obsessed by this method of illegal earnings,” the firm says in a report, specifying that while at the beginning of 2013 Kaspersky Labs had “portraits” of 67 banking Trojans, by the end of the year there were already 1,321 “unique samples.”
All in all, Kaspersky catalogued 143,211 “new modifications of malicious programs targeting mobile devices” such as smartphones and tablets in 2013, compared to 40,059 in 2012.
“Kaspersky Lab mobile products prevented 2,500 infections by banking Trojans,” the report said.
“In 2014, we expect to see vulnerabilities of all types being actively exploited to give malware root access on devices, making removal even more difficult,” Kaspersky said.
Unlike millions of computer viruses written for the love of the game and to boost self-esteem of young programmers, banking Trojans are created for purely financial reasons. With their help, cybercrooks are phishing credit card numbers, personal data, logins and passwords to online banking from smartphones processing banking transfers – to steal money from personal bank accounts.
Cybercrime is “becoming more focused on making profits more effectively,” the report said.
Hackers are choosing for their attacks primarily Google’s Android OS “confirming both the popularity of this mobile OS and the vulnerability of its architecture.”
Even the practice of authorizing every banking operation with a special code sent via sms cannot prevent criminals from stealing your money. Some viruses are created to operate simultaneously in a symbiotic mode on your computer and mobile device. When a virus tries to establish access to an online banking account it gets a unique security code sent by the bank to user’s phone – also infected with a copy of the same Trojan. This part of the virus simply forwards the code to its master on the computer – and the bank is fooled into thinking that the log-in attempt is genuine.
Another method used by virus writers is obfuscation, which means making the source code of the phishing Trojan deliberately complex and make its purpose unclear, help it evade anti-virus software and “colonizing” smartphones to siphon off money.
“Today, the majority of banking Trojan attacks target users in Russia and the CIS,” said Kaspersky Labs virus analyst Victor Chebyshev. “However, that is unlikely to last for long: given the cybercriminals’ keen interest in user bank accounts, the activity of mobile banking Trojans is expected to grow in other countries in 2014.”
Chebyshev added: “We already know of Perkel, an Android Trojan that attacks clients of several European banks, as well as the Korean malicious program Wroba.” He also specified the countries with the highest number of attacks. The top five are Russia (40 percent), India (8 percent), Ukraine (4 percent), Vietnam (4 percent) and the UK (3 percent).
The report warns against buying apps in alternative app stores, saying that malicious programs are very likely to be spread this way. Yet even legal web resources do not guarantee protection, as Kaspersky anti-virus products detected infection of 0.4 per cent of official websites.
In the light of the recent news about researchers in Britain showing that computer viruses can spread through Wi-Fi “as efficiently as the common cold spreads between humans,” the perspectives for 2014 do not look good.
“2013 saw the first registered malware attack on a PC launched from a mobile device. We forecast future Wi-Fi attacks from mobile devices on neighboring workstations and the wider infrastructure,” the report concluded.
