SMS stealing apps uploaded to Google Play by Carberp banking malware gang
The apps were designed to steal mobile transaction authentication numbers from Russian online banking users, Kaspersky Lab says
IDG News Service - Several malicious Android apps designed to steal mobile transaction authentication numbers (mTANs) sent by banks to their customers over SMS (Short Message Service) were found on Google Play by researchers from antivirus vendor Kaspersky Lab.
The apps were created by a gang that uses a variant of the Carberp banking malware to target the customers of several Russian banks, Denis Maslennikov, a senior malware analyst at Kaspersky, said Friday in a blog post.
Many banks use mTANs as a security mechanism to prevent cybercriminals from transferring money from compromised online banking accounts. When a transaction is initiated from an online banking account, the bank sends an unique code called an mTAN via SMS to the account owner's phone number. The account owner has to input that code back into the online banking website in order for the transaction to be authorized.
In order to defeat this type of defense, cybercriminals created malicious mobile apps that automatically hide SMS messages received from numbers associated with the targeted banks and silently upload the messages back to their servers. Victims are tricked into downloading and installing these apps on their phones via rogue messages displayed when visiting their bank's website from an infected computer.
SMS stealing apps have previously been used together with the Zeus and SpyEye banking Trojan programs and are known as Zeus-in-the-Mobile (ZitMo) and SpyEye-in-the-Mobile (SpitMo) components. However, this is the first time a rogue mobile component designed specifically for the Carberp malware has been found, Maslennikov said.
Unlike Zeus and SpyEye, the Carberp Trojan program is primarily used to target online banking customers from Russia and other Russian-speaking countries like Ukraine, Belarus or Kazakhstan.
According to a report in July from antivirus vendor ESET, Russian authorities arrested the people behind the three largest Carberp operations. However, the malware continues to be used by other gangs and is being sold on the underground market for prices between $5,000 and $40,000, depending on the version and its features.
"This is the first time we've seen mobile malicious components from a Carberp gang," Aleksandr Matrosov, senior malware researcher at antivirus vendor ESET, said Friday via email. "Mobile components are used only by one Carberp group, but we can't disclose more details at the present."
The new Carberp-in-the-Mobile (CitMo) apps found on Google Play masqueraded as mobile applications from Sberbank and Alfa-Bank, two of Russia's largest banks, and VKontakte, the most popular online social networking service in Russia, Maslennikov said. Kaspersky contacted Google on Wednesday and all CitMo variants were deleted from the market by Thursday, he said.
However, the fact that cybercriminals managed to upload these apps to Google Play in the first place raises questions about the efficiency of the app market's anti-malware defenses, such as the Bouncer anti-malware scanner announced by Google earlier this year.
As TurboTax deals with the last minute crush of filers, vice president Bob Meighan shares the four most commonly asked questions customers are asking this year.
- IT Certification Study Tips
- Register for this Computerworld Insider Study Tip guide and gain access to hundreds of premium content articles, cheat sheets, product reviews and more.
- The Big Data Opportunity for HR and Finance
- If CEOs, CFOs, CIOs, and CHROs want to drive their businesses forward, they will need to quickly recognize the enormous value of big...
- Manufacturing Outlook: Improving time to market, operational effectiveness and innovation in a highly competitive environment
- An enterprise project portfolio management solution can help manufacturers position themselves in the new competitive landscape.
- Time-to-Market: The Need for Speed in the Automotive Industry
- Bringing new vehicles to market quickly has never been more challenging. To bring new models to market on-time and on budget, automakers need...
- Application Rationalization Scorecard: Analysis to Action
- This paper details a proven method, used most recently to evaluate a financial services application portfolio. At the method's core is the scorecard....
- Changing the Way Government Works: Four Technology Trends that Drive Down Costs and Increase Productivity
- This paper discusses four technology-based approaches to improving processes and increasing
productivity while driving down department and agency costs.
All Financial IT White Papers
- LIVE EVENT: 5/7, The End of Data Protection As We Know It. Introducing a Next Generation Data Protection Architecture. Traditional backup is going away, but where does this leave end-users?
- On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy...
- Mobile Security: Containerizing Enterprise Data In this on-demand webinar, Fixmo's Lee Cocking, VP of corporate strategy, explains why Apple-ization trends like mobility and "bring-your-own-device" (BYOD) are driving the...
- Endpoint Data Management: Protecting the Perimeter of the Internet of Things Not surprisingly, "Internet of Things" (IoT) and Big Data present new challenges AND opportunities for enterprise IT. Teams need to harness, secure and...
- How to Protect Enterprise Data Yet Enable Secure Access for End Users Learn how BYOD, Big Data and the use of rogue applications and devices is putting corporate data at risk, best practices from IT...
- All Financial IT Webcasts