iBanking malware can spy on Android users
Security firm ESET has warned it has detected a malicious Android application capable of spying on a users’ communications.
The iBanking app has capabilities including capturing incoming and outgoing SMS, redirecting incoming voice calls and even capturing audio using the device’s microphone.
The app is being sold on underground forums, and has been used by several banking trojans in an attempt to bypass mobile two-factor authentication methods used by some financial institutions and web services firms.
ESET said an analysis of the banking trojan Win32/Qadars has uncovered a Webinject method that seeks to lure Facebook users into installing iBanking by disguising it as a two-factor authentication app for the social network.
This is the first time ESET has seen such a mobile application targeting Facebook users for account fraud, as the download would enable attackers to circumvent the social network’s own two-factor authentication.
Alternatively, cybercriminals may simply be using the Webinject method as a way to ensure iBanking is installed on devices so bot masters can make use of its other spying functionalities.
In a blog post, ESET malware researcher Jean-Ian Boutin said now that mainstream web services are being targeted by mobile malware, the use of Webinjects could become more prevalent.
“Will we see content injection functionalities and mobile malware used in non-financial types of malware so that they can take over accounts from popular web services? Time will tell, but because of the commoditisation of mobile malware and the associated code source leaks, this is a distinct possibility,” he said.
Secure-by-design software development for digital innovation
The rise of DevSecOps methodologies and developments in AI offers every business the opportunity...
Bolstering AI-powered cybersecurity in the face of increasing threats
The escalation of complex cyber risks is becoming a pressing issue for those in business...
How attackers are weaponising GenAI through data poisoning and manipulation
The possibility for shared large language models to be manipulated through data poisoning...