A malware campaign has been infecting Android phones since the beginning of the year, according to security researchers.
Attackers stole credentials, planted the banking Trojan Walk on cell phones and inserted credit card information. So far, they have targeted clients of Bank Austria, Raiffeisen Meine Bank and Sparkasse, but the campaign could extend beyond Vienna.
The attack begins with a phishing message sent via email to a phone, Proofpoint security researchers reported in a Friday publication. The message claims to come from the target store and contains a link, often hidden by a web address shortener such as bit.ly or tinyurl.
The link takes the victim to a fake bank page where the attackers request the target's bank account information or PIN code.
Once hackers have this information, they tell victims to log in to their accounts with their email addresses and passwords. All information entered on the fake bank page is collected by hackers.
Instead of having access to an account, customers of the bank receive a pop-up message telling them to install the bank's security application. About 7% of recipients downloaded the "security application", which according to Proofpoint is actually the malware Walk.
After installation, the malware asks for extended permissions: receiving, sending, reading, and writing SMS messages, opening network connections, reading address books, changing the system configuration and even locking the phone.
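A defender can triage a suspicious APK by checking its decoded manifest for this combination of permissions. The sketch below is an added example, not code from Proofpoint or the original article; the mapping of the article's capability list to Android permission names (including `BIND_DEVICE_ADMIN` for the phone lock), the threshold and the sample manifests are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

NS = "{http://schemas.android.com/apk/res/android}"
P = "android.permission."

# Capability -> permission names. Assumed mapping of the article's list,
# not Proofpoint's; BIND_DEVICE_ADMIN stands in for "phone lock".
CAPABILITIES = {
    "sms": {P + "RECEIVE_SMS", P + "SEND_SMS", P + "READ_SMS", P + "WRITE_SMS"},
    "network": {P + "INTERNET"},
    "contacts": {P + "READ_CONTACTS"},
    "settings": {P + "WRITE_SETTINGS"},
    "device_lock": {P + "BIND_DEVICE_ADMIN"},
}

def requested_permissions(manifest_xml):
    """Collect permissions from a decoded (text) AndroidManifest.xml."""
    perms = set()
    for el in ET.fromstring(manifest_xml).iter():
        if el.tag in ("uses-permission", "uses-permission-sdk-23"):
            name = el.get(NS + "name")
        elif el.tag in ("receiver", "service"):
            name = el.get(NS + "permission")  # e.g. device-admin receiver
        else:
            name = None
        if name:
            perms.add(name.strip())
    return perms

def triage(manifest_xml, threshold=4):
    """Flag apps that pair SMS access with most of the other capabilities."""
    perms = requested_permissions(manifest_xml)
    hits = {c: sorted(perms & names) for c, names in CAPABILITIES.items() if perms & names}
    return {"capabilities": hits, "suspicious": "sms" in hits and len(hits) >= threshold}

def _manifest(uses, receiver_perm=None):
    """Build a constructed sample manifest for the demo below."""
    body = "".join('<uses-permission android:name="%s%s"/>' % (P, u) for u in uses)
    if receiver_perm:
        body += '<application><receiver android:name=".Admin" android:permission="%s%s"/></application>' % (P, receiver_perm)
    return '<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.app">%s</manifest>' % body

# Constructed samples: a fake "security app" profile and a plain news reader.
SUSPECT = _manifest(["RECEIVE_SMS", "SEND_SMS", "READ_SMS", "WRITE_SMS", "INTERNET",
                     "READ_CONTACTS", "WRITE_SETTINGS"], "BIND_DEVICE_ADMIN")
BENIGN = _manifest(["INTERNET", "ACCESS_NETWORK_STATE"])

if __name__ == "__main__":
    for label, xml in (("suspect", SUSPECT), ("benign", BENIGN)):
        print(label, triage(xml))
```

The input is the text manifest produced by an APK decoding tool; the binary manifest inside an APK must be decoded first.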
When apps like the Google Play Store are open, the malware also requests information from the user's credit card.
While banking Trojans and phishing scams are common to cybercriminals, it's not possible to combine the two in a specific campaign, said Patrick Wheeler, Director of Threat Intelligence at Proofpoint.
"In general, we do not see much overlap between phishing players and those who distribute malware. The combination of downloading socially engineered banking Trojans and multi-level phishing attacks, which collect credentials or financial information at each stage, is quite unusual."
This is not your typical email attack
The Austrian Walking campaign is much better coordinated than the standard email attack, said Matt Vernhout, data protection officer at 250ok. "However, this can only have a limited impact, because the number of steps needed to complete the attack may be greater than most people are willing to accomplish."
Walking has been around for a long time, so its authors may find it necessary to change the way they create landing pages to catch the victims.
"It's probably because security providers and domain servers are following them," said Armando Orozco, a Malwarebytes analyst.
"They need other ways to run their business model." The likelihood that the Walking campaign is very high, said Wheeler of Proofpoint.
"Walking has been observed all over the world, and we have already seen a variety of systems for spreading malware, especially SMS, and more sophisticated social engineering-related players to walk," he said.
"Any attack like this is usually a canary in the coal mine," said Rajiv Dholakia, vice president of products at Nok Nok Labs. "You would expect variations to evolve and spread around the world," he said.
It is not uncommon for malware to be published in a single country or region, and then expand to other countries, depending on its success, says Damien Hugoo, Director of Product Marketing at Easy Solutions.
"We launched a lot of banking Trojans in Europe last year and we are expanding."
Visit my website for more tech news: https://samwellan22.wixsite.com/tech-vault
Hello & Cheers!! I'm a content detection and information bot. You are receiving this reply because a short link or links have been detected in your post/comment. The purpose of this message is to inform your readers and yourself about the use of and dangers of short links.
To the readers of the post: Short links are provided by url shortening services. The short links they provide can be useful in some cases. Generally their use is benign. But as with all useful tools there are dangers. Short links can be used to hide all sorts of things. Quite frequently they are used to hide referral links for instance. While not dangerous this can be deceptive. They can also be used to hide dangerous links such as links to phishing sites, sites loaded with malware, scam sites, etc. You should always be extremely cautious before clicking on one. If you don't know and trust the poster don't click. Even if you do you should still be cautious and wary of any site you are sent to. It's always better to visit the site directly and not through a short link.
To the author of the post: While short links may be useful on some sites they are not needed on steemit. You can use markdown to format your links such as this link to steemit. It's as simple as
[steemit](https://steemit.com)
Unlike short links this allows the reader to see where they are going by simply hovering over the link before they click on it.