Thursday, May 23, 2013

Android Trojan attacks European banks

July 10, 2012 by  
Filed under News

Recently Trusteer discovered the first Tatanga-based man-in-the-mobile (MITMO) attack, as well as new SPITMO configurations that target Android mobile banking users in Malaysia, Holland, Portugal and Spain.

With nearly 60 percent of the market and a reputation for weak app security, it's no surprise that Android has become the preferred target for financial malware.

Like previous attacks, both the SPITMO and Tatanga MITMO variants target Windows users on the web and use a web injection in the desktop browser to lure them into installing a fake security application on their mobile phones. The attackers claim this application is required by the bank as a new layer of protection, and that 15 million bank customers around the world are already using it.

The victims are asked to choose the device's operating system from the following list:
iOS (iPhone)
BlackBerry
Android (Samsung, HTC, etc.)
Symbian (Nokia)
other.

In most attacks, if the victim is using an operating system other than Android, the malware informs the user that no further action is required. However, for all Android users, the desktop component of the MITMO attack requests the victim's phone number and notifies them that a link for installing the security application has been sent (via SMS) to their mobile phone.

The user is instructed to install the fake application from this link and enter the activation code provided by the malware. Certain attacks also request that BlackBerry users download the application, but it does not actually install on these devices.

Once installed, the mobile malware captures all SMS traffic, including transaction authorization codes sent by the bank to the victim via SMS, and forwards them to the attackers. This enables the criminals to initiate fraudulent transactions and capture the security codes needed to bypass the SMS-based out-of-band authorization systems used by many European banks.

The attackers use different social engineering tactics in each country to lure victims into installing the fake application, such as URLs with the words “secure” and “Android files” with a .com domain name.

Trusteer examined the registration information for these URLs, which were located in China and the US. They were registered in May, just prior to the initial attacks. All URLs are inactive at this time. Both Tatanga and SpyEye use the same Android application in this attack.

Spanish bank customer attacks

In the attack on Spanish banks, the victims are asked to download the security application from a link in an SMS sent to their mobile phones. Below is a screen capture of the message shown to the victim during their online banking session.

The message states that the bank has taken steps to protect its customers against attacks on mobile devices and requires the user to install the application.

[Image: Android Trojan attacks European banks]

The malware then asks the Android users to submit a code they received with the text message to activate the application:

[Image: android_trojan_1]

BlackBerry users are notified that the security application has been installed successfully, although it only installs on Android devices.

[Image: android_trojan_2]

Victims that use other mobile operating systems are notified that their device does not require this special security measure:

[Image: android_trojan_3]

German bank customer attacks

In the German attacks, criminals lure victims into installing the fake application by claiming the bank has developed special security measures in collaboration with Oracle. The attackers claim that more than 15 million bank customers around the world already use the system.

Android users are asked to download the security application from a link sent by the malware via SMS, and to submit the activation code on the bank's (spoofed) web page. As in the Spanish attack, BlackBerry users are informed that the application was successfully installed and that they are protected, although no installation actually occurs.

Meanwhile, victims who use other mobile operating systems are informed that their device does not require any additional protection.

This development confirms that man-in-the-mobile attacks are focusing primarily on Android devices. Multiple studies show that Android devices account for more than 60% of the mobile phone market in the targeted countries (Spain, France, Malaysia and the Netherlands). The operating system's popularity and the relative ease of developing and distributing Android applications are probably the reasons why cybercriminals have chosen this platform for mobile malware attacks.

Today, criminals are targeting Android devices to bypass out-of-band security systems that send SMS messages to authorize both web and mobile banking transactions. Going forward, Trusteer expects criminals to expand their attack tactics on mobile devices to mimic desktop attack techniques, including web injection, key loggers, and screen capture, among others.
