Date:17/09/18
This mobile banking Trojan is distributed via phishing SMS messages with a suggestion to view the photo or MMS via the link. By clicking on the corresponding web page, the user sees a download button, when clicked, the malicious file is downloaded. Often, phishing messages contain a name appeal, as they are addressed from the smartphone of the previous victim (they use the names under which the numbers are written in the phone book of the infected gadget).
Asacub gets on the device only in the event that the owner of the smartphone has allowed installation of unknown sources. Typically, the Trojan is disguised as applications for working with MMS or popular services of free ads. During installation, it asks for administrator privileges or permission to use the Accessibility Service.
Once the victim provides the malware with all that is needed, the victim assigns itself to the application for processing SMS messages by default and proceeds to malicious actions. First of all, Asacub starts to interact with the command server of the attackers, in particular, it passes information on the model of the smartphone, the OS version, the cellular operator and its version.
The Trojan can steal money from a bank card attached to the phone number, sending SMS messages to transfer funds to another account by card or mobile phone number. Some of its versions are even capable of independently extracting confirmation codes from incoming SMS messages and sending them to the desired number. In this case, the user will not be able to check the balance via a mobile bank or change any settings in it, since after receiving a special command, Asacub prohibits the opening of a banking application on the device.
Kaspersky Lab's antivirus expert Tatiana Shishkova said that the Asacub family has evolved, as it believes in the company, from the Trojan Smaps and for the first time announced itself in 2015. "Now it continues to bring financial gain to malefactors – there is a sharp increase in the number of infections, which once again confirms that malware can spread over the long term in the same way, while only progressing, because users still navigate through suspicious links, install Software from unknown sources and give applications any permissions, "added Tatyana Shishkova.
In order not to become a victim of cybercriminals, Kaspersky Lab recommends that you adhere to the basic rules: download applications only from official stores, prohibit installing third-party applications in your smartphone settings, do not navigate through suspicious links from unknown senders, carefully check what rights the application requests when installing and in the course of work, install a reliable protection solution on your mobile device.
Kaspersky Lab's antivirus expert Viktor Chebyshev said that in the second quarter of 2018 both the number of financial threats and their activity increased. "This is a global situation and Russia is among the leaders in the number of attacked users," he stressed. According to Viktor Chebyshev, the number of such viruses will definitely grow. "We are seeing this situation, and so far there are no prerequisites for reducing the activity of cybercriminals," he added.
Banking Trojans, targeting the Android platform, are now at the peak of popularity, said Doctor Web specialist Alexander Vurasko. "This popularity is facilitated by the wide spread of electronic payments and the ability to manage operations on a bank account from a mobile device.Unfortunately, the platform is not chosen by chance, it's the most popular mobile OS, and therefore the chances of finding potential victims among users of Android- devices are quite high due to their multiplicity.In the coming years, we should not expect a significant decrease in the activity of such malicious programs, "added the expert t.
According to Alexander Vurasko, in August, experts of the company "Doctor Web" have identified several new families of mobile banking Trojans, and downloaders of some of them were distributed through the official store of Google Play applications under the guise of legitimate applications. "Example: Android.Banker.2843, distributed in August under the guise of an official application of one of the Turkish credit organizations and designed to steal logins and passwords to access the user's bank account," said Alexander Vurasko.
Alexander Vurasko also noted that in addition to the classic banking Trojans on Android, so-called "clippers" also migrate, for example Android.Clipper.1.origin, which tracks the clipboard and replaces the numbers of electronic wallets of popular payment systems and crypto-currency that are copied into it. The malicious program is "interested in" the purse numbers Qiwi, Webmoney, "Yandex.Money", Bitcoin, Monero, zCash, DOGE, DASH, Etherium, Blackcoin and Litecoin. When a user copies one of them to the clipboard, the Trojan intercepts it and sends it to the management server. In response, Android.Clipper.1.origin receives information about the purse's purse number, to which it replaces the victim's number. "As a result, the owner of the infected device runs the risk of transferring money to the account of virus writers," added Alexander Vurasko.
The head of the department of technical support of products and services Eset Russia Sergey Kuznetsov believes that the popularity of mobile banking Trojans for the IS market is normal. "Nothing new and weird, we fix periodic bursts of activity of various banking Trojans in parallel with the launch of another phishing newsletter and / or sending out spam," Sergey Kuznetsov specified.
According to Sergei Kuznetsov, in the past few years the market of customized Trojans, encryptors, miners and similar software is actively developing. "It makes no sense to spend resources on the" invention of a bicycle "when it is possible to buy or rent an already prepared malicious program, supplement it with the necessary data (your text, purse, picture, etc.) and launch a campaign in the wild.Therefore, the number of new Trojans , most likely, soon it will stop growing.This is indirectly confirmed by AV-Test statistics, "he noted.
Check Point Software Technologies Ltd. Nikita Durov noted that according to the latest studies by Check Point, in August of the current year in the top three active mobile threats were immediately two trojans: Lokibot and Triada. Also in August, the number of attacks using another banking trojan, Ramnit, increased dramatically.
According to Check Point Software Technologies, the activity of malware in recent months has doubled. Analysis of the cyberthreat showed that the reason for its activity was a large-scale campaign, during which the victim's devices became malicious proxy servers. "In August 2018, Ramnit jumped to the sixth place in the threat ranking Threat Index and became the most widespread banking trojan in the upward trend of banking threats," added Nikita Durov.
According to him, now the activity of bank Trojans is associated with a low level of cyber-education in Russia. "If companies with such threats are helped by the IS departments, ordinary users often do not even suspect about cyberries that surround them every day," said Nikita Durov. He also added that mobile banking Trojans constantly appear in the rankings of the most active mobile cyberthreats. "I believe that we will continue to observe their high activity further," he predicted.
The head of the department of mobile threats and mobile security Avast Nikolaos Krisaidos believes that cybercriminals personalize attacks and optimize mechanisms for spreading threats depending on the geography of their goals. "In the past six months, we have seen a significant increase in the number of mobile banking threats, and we expect that we will continue to observe this trend," he said.
The likely reasons for the increase in activity, according to Nikolaos Chrisidos, may be the leakage of malicious code into a darknet, in ineffective security checks that allow cyber threats to penetrate Google Play, as well as the emergence of new cyber-frauds targeted at mobile device users. "All these factors can cause a surge in the growth of new complex malicious banking families, and we have already witnessed how cybercriminals are testing various families of malware to see how profitable they are," said Nikolaos Krisaidos.
According to him, one of the reasons for the popularity of mobile banking Trojans is the popularity of mobile applications. As the research Avast, conducted in February shows, they are used by 57% of Russians. "Cybercriminals take into account the growing pool of their targeted potential victims and use bank-based Trojans to make a profit, and 34% of users who do not use mobile banking applications have identified a lack of security as the main reason," he says.
Another reason for the popularity of bank mobile Trojans, as Nikolaos Krisaidos said, was the security problem caused by user problems related to the authentication of banking interfaces: "In the study, we also asked respondents to compare the official and fake interfaces of banking applications for authenticity." Almost a quarter of Russians 24%) defined this interface as a fake, and 29% mistakenly accepted the fake interface for real .This clearly shows that identifying fake interests Rails of banking applications is not an easy task, and many users risk becoming a victim of bank Trojans if they are not protected properly, "said Nikolaos Krisaidos.
Asacub went on the attack
Kaspersky Lab has recorded a large-scale campaign to infect the mobile banking Trojan, Asacub. According to experts, the number of users who face this malicious program reaches 40,000 per day. And 98% of Asacub infections (225 thousand) fall on Russia, Ukraine, Turkey, Germany, Belarus, Poland, Armenia, Kazakhstan, the USA and others are among the affected countries.This mobile banking Trojan is distributed via phishing SMS messages with a suggestion to view the photo or MMS via the link. By clicking on the corresponding web page, the user sees a download button, when clicked, the malicious file is downloaded. Often, phishing messages contain a name appeal, as they are addressed from the smartphone of the previous victim (they use the names under which the numbers are written in the phone book of the infected gadget).
Asacub gets on the device only in the event that the owner of the smartphone has allowed installation of unknown sources. Typically, the Trojan is disguised as applications for working with MMS or popular services of free ads. During installation, it asks for administrator privileges or permission to use the Accessibility Service.
Once the victim provides the malware with all that is needed, the victim assigns itself to the application for processing SMS messages by default and proceeds to malicious actions. First of all, Asacub starts to interact with the command server of the attackers, in particular, it passes information on the model of the smartphone, the OS version, the cellular operator and its version.
The Trojan can steal money from a bank card attached to the phone number, sending SMS messages to transfer funds to another account by card or mobile phone number. Some of its versions are even capable of independently extracting confirmation codes from incoming SMS messages and sending them to the desired number. In this case, the user will not be able to check the balance via a mobile bank or change any settings in it, since after receiving a special command, Asacub prohibits the opening of a banking application on the device.
Kaspersky Lab's antivirus expert Tatiana Shishkova said that the Asacub family has evolved, as it believes in the company, from the Trojan Smaps and for the first time announced itself in 2015. "Now it continues to bring financial gain to malefactors – there is a sharp increase in the number of infections, which once again confirms that malware can spread over the long term in the same way, while only progressing, because users still navigate through suspicious links, install Software from unknown sources and give applications any permissions, "added Tatyana Shishkova.
In order not to become a victim of cybercriminals, Kaspersky Lab recommends that you adhere to the basic rules: download applications only from official stores, prohibit installing third-party applications in your smartphone settings, do not navigate through suspicious links from unknown senders, carefully check what rights the application requests when installing and in the course of work, install a reliable protection solution on your mobile device.
Kaspersky Lab's antivirus expert Viktor Chebyshev said that in the second quarter of 2018 both the number of financial threats and their activity increased. "This is a global situation and Russia is among the leaders in the number of attacked users," he stressed. According to Viktor Chebyshev, the number of such viruses will definitely grow. "We are seeing this situation, and so far there are no prerequisites for reducing the activity of cybercriminals," he added.
Banking Trojans, targeting the Android platform, are now at the peak of popularity, said Doctor Web specialist Alexander Vurasko. "This popularity is facilitated by the wide spread of electronic payments and the ability to manage operations on a bank account from a mobile device.Unfortunately, the platform is not chosen by chance, it's the most popular mobile OS, and therefore the chances of finding potential victims among users of Android- devices are quite high due to their multiplicity.In the coming years, we should not expect a significant decrease in the activity of such malicious programs, "added the expert t.
According to Alexander Vurasko, in August, experts of the company "Doctor Web" have identified several new families of mobile banking Trojans, and downloaders of some of them were distributed through the official store of Google Play applications under the guise of legitimate applications. "Example: Android.Banker.2843, distributed in August under the guise of an official application of one of the Turkish credit organizations and designed to steal logins and passwords to access the user's bank account," said Alexander Vurasko.
Alexander Vurasko also noted that in addition to the classic banking Trojans on Android, so-called "clippers" also migrate, for example Android.Clipper.1.origin, which tracks the clipboard and replaces the numbers of electronic wallets of popular payment systems and crypto-currency that are copied into it. The malicious program is "interested in" the purse numbers Qiwi, Webmoney, "Yandex.Money", Bitcoin, Monero, zCash, DOGE, DASH, Etherium, Blackcoin and Litecoin. When a user copies one of them to the clipboard, the Trojan intercepts it and sends it to the management server. In response, Android.Clipper.1.origin receives information about the purse's purse number, to which it replaces the victim's number. "As a result, the owner of the infected device runs the risk of transferring money to the account of virus writers," added Alexander Vurasko.
The head of the department of technical support of products and services Eset Russia Sergey Kuznetsov believes that the popularity of mobile banking Trojans for the IS market is normal. "Nothing new and weird, we fix periodic bursts of activity of various banking Trojans in parallel with the launch of another phishing newsletter and / or sending out spam," Sergey Kuznetsov specified.
According to Sergei Kuznetsov, in the past few years the market of customized Trojans, encryptors, miners and similar software is actively developing. "It makes no sense to spend resources on the" invention of a bicycle "when it is possible to buy or rent an already prepared malicious program, supplement it with the necessary data (your text, purse, picture, etc.) and launch a campaign in the wild.Therefore, the number of new Trojans , most likely, soon it will stop growing.This is indirectly confirmed by AV-Test statistics, "he noted.
Check Point Software Technologies Ltd. Nikita Durov noted that according to the latest studies by Check Point, in August of the current year in the top three active mobile threats were immediately two trojans: Lokibot and Triada. Also in August, the number of attacks using another banking trojan, Ramnit, increased dramatically.
According to Check Point Software Technologies, the activity of malware in recent months has doubled. Analysis of the cyberthreat showed that the reason for its activity was a large-scale campaign, during which the victim's devices became malicious proxy servers. "In August 2018, Ramnit jumped to the sixth place in the threat ranking Threat Index and became the most widespread banking trojan in the upward trend of banking threats," added Nikita Durov.
According to him, now the activity of bank Trojans is associated with a low level of cyber-education in Russia. "If companies with such threats are helped by the IS departments, ordinary users often do not even suspect about cyberries that surround them every day," said Nikita Durov. He also added that mobile banking Trojans constantly appear in the rankings of the most active mobile cyberthreats. "I believe that we will continue to observe their high activity further," he predicted.
The head of the department of mobile threats and mobile security Avast Nikolaos Krisaidos believes that cybercriminals personalize attacks and optimize mechanisms for spreading threats depending on the geography of their goals. "In the past six months, we have seen a significant increase in the number of mobile banking threats, and we expect that we will continue to observe this trend," he said.
The likely reasons for the increase in activity, according to Nikolaos Chrisidos, may be the leakage of malicious code into a darknet, in ineffective security checks that allow cyber threats to penetrate Google Play, as well as the emergence of new cyber-frauds targeted at mobile device users. "All these factors can cause a surge in the growth of new complex malicious banking families, and we have already witnessed how cybercriminals are testing various families of malware to see how profitable they are," said Nikolaos Krisaidos.
According to him, one of the reasons for the popularity of mobile banking Trojans is the popularity of mobile applications. As the research Avast, conducted in February shows, they are used by 57% of Russians. "Cybercriminals take into account the growing pool of their targeted potential victims and use bank-based Trojans to make a profit, and 34% of users who do not use mobile banking applications have identified a lack of security as the main reason," he says.
Another reason for the popularity of bank mobile Trojans, as Nikolaos Krisaidos said, was the security problem caused by user problems related to the authentication of banking interfaces: "In the study, we also asked respondents to compare the official and fake interfaces of banking applications for authenticity." Almost a quarter of Russians 24%) defined this interface as a fake, and 29% mistakenly accepted the fake interface for real .This clearly shows that identifying fake interests Rails of banking applications is not an easy task, and many users risk becoming a victim of bank Trojans if they are not protected properly, "said Nikolaos Krisaidos.
Views: 496
©ictnews.az. All rights reserved.Similar news
- Cellphone Use May Raise Cancer Risk
- Australian police pushes cyber safety education
- Vietnam aims to lead in e-government
- Senate Website Gets Hacked
- US builds net for cyber war games
- Japan enacts anti-computer virus law
- India passes law vs e-waste
- Anonymous Declares War On The City Of Orlando
- Microsoft highlights evolving dangers as online identity data proliferates
- Consumers want internet security to be provided by banks
- Government facilities targets of cyber attack
- South Korean web attacks might been war drill
- Sri Lanka to Establish National Passport Database to Increase Border Security
- Hi-tech crime agencies set to employ information security professionals
- Phone hacking and online campaign bring down the News of the World