Financial fraud remains one of the most dangerous kinds of activity that malware might perform after infecting your computer. So-called "banking Trojans" are able to inject themselves between you and your bank, manipulating your funds and redirecting your payments to criminals' bank accounts. To counter this threat, most banks utilize so-called "two-factor authentication", which is typically implemented via SMS. When you try to transfer funds online, you must approve the transaction using your password plus a one-time password (OTP, mTAN) sent via text message to your smartphone. In turn, criminals developed a scheme in which they try to infect both your computer and smartphone to steal the password and mTAN at the same time. This scheme was first introduced in the Zeus/ZitMo malware duo, and it proved quite effective. Recently, the same concept was implemented in the Android malware called Faketoken. Unfortunately, it is quite effective, too: a recent report, "IT threat evolution Q1 2014" published by Kaspersky Lab, indicates that Faketoken reached #13 in the Top 20 mobile threats "hit parade", accounting for 4.5% of all infections.
The mechanics of Faketoken infection are actually quite interesting. Criminals utilize social engineering to infect a smartphone. During an online banking session, the computer-based Trojan uses a web inject to seed the infected webpage with a request to download an Android application that is allegedly needed in order to conduct secure transactions, but the link actually leads to Faketoken. Once the mobile threat ends up on a user's smartphone, cybercriminals use the computer-based Trojan to gain access to the victim's bank account, and Faketoken allows them to harvest mTANs and transfer the victim's money to their own accounts.
According to reports, most mobile banking threats are designed and initially used in Russia; later, cybercriminals may use them in other countries. Faketoken is one such program. During the first three months of 2014, Kaspersky Lab detected attacks involving this threat in 55 countries, including Germany, Sweden, France, Italy, the UK, and the US. To mitigate the risk, users must utilize Multi-Device protection, i.e. a dedicated security solution on both the PC and the Android smartphone.
Source: kaspersky.com