Mobile banking Trojan Asacub hits 40 000 per day

Kaspersky Lab has picked up on a large-scale distribution campaign of the infamous mobile banking Trojan, Asacub.

Researchers at the company estimate Asacub is reaching 40 thousand individuals each day. Although the Trojan is primarily aimed at Russian users, it has also hit users in many other countries, including Germany, Belarus, Poland, Armenia, Kazakhstan and the US.

According to Kaspersky, Asacub was discovered in 2015, and has evolved over the years. Its erlier iterations were closer to spyware than banking malware. They could steal all incoming SMS messages, irrespective of the sender, and upload them to the intruders' server. The functionality of the latest Asacub modifications help attackers gain remote control of infected devices and steal banking data.

Over the last year, Asacub authors have been upping their efforts and conducting large scale campaigns for its dissemination, to the point that it has held the leading position among mobile banking Trojans for the past twelve months.

Researchers say the reason behind its continued sustainability is that the domains of its command server change, and there are disposable phishing links for downloading the Trojan.

How it works

Asacub is distributed through phishing SMS messages, which invite victims to view a photo or MMS message. If the victim's device settings permit installations from unknown sources, Asacub is able to install itself on the target device as the default SMS application.

See also

Chrome browser flags all sites that are 'not secure'

GandCrab ransomware continues to evolve

In this way, when a new SMS message arrives, it can transmit the sender's number and message text to the intruders' command server. Asacub can withdraw funds from a bank card attached to the phone by sending SMS messages for transferring funds to another card or phone number, and it can intercept SMS messages from a bank containing one-time passwords.

Tatyana Shishkova, malware analyst at Kaspersky Lab, says the Asacub Trojan highlights how mobile malware can function for several years with minimal changes to its distribution pattern.

"One of the main reasons for this is that the human factor can be leveraged through social engineering: SMS messages look like they are meant for a certain user, so victims unconsciously click on fraudulent links. In addition, with regular change of domains from which the Trojan is distributed, catching it requires heuristic methods of detection," she adds.

Better than cure

Kaspersky advises users to follow several steps to avoid getting infected with mobile banking malware:

• Only download applications that are from official resources;
• If possible, disable the installation of applications from third-party sources in smartphone settings;
• Never click on links from suspicious or unknown senders;
• Install a reliable security solution to protect mobile devices.

via ITWeb

Read more »

Ten Percent of Mobile Subscribers at Serious Risk of ID Theft

Data aggregated from global operators indicates 60% of suspicious domains are linked to phishing

Thursday, November 2nd, 2017

EDISON, New Jersey, Nov. 2, 2017 /PRNewswire/ Korea IT Times--

Flash Networks, the leading provider of mobile Internet optimization, security, and engagement solutions, today published new market data highlighting the vulnerability of mobile users to ID theft via phishing attacks. Alarmingly, data collected from global operators shows that more than 10% of users are exposed to phishing attempts. Mobile subscribers are being exposed to increasing risk as the volume and sophistication of attacks escalate.

Data from mobile operator deployments reveal that:

• 3% of all domains visited are classified as suspicious
• 60% of suspicious domains are linked to phishing
• The percentage of mobile users exposed to phishing attempts is increasing, with 10% of subscribers visiting suspicious domains at least once a month  
• Threats are dynamic in terms of intensity, location, and time. While massive phishing attempts may occur at one location, a dramatic shift in the target demographics of phishing attempts may be seen elsewhere at a different time.

"A single click taking an unsuspecting mobile user to a fake website can quickly lead to identity theft," said Dror Shlomo, VP Product at Flash Networks. "Through deep inspection of network traffic, xtraArmor provides subscribers with the strongest possible protection against threats such as viruses, malware, spyware, and phishing before the traffic is delivered to the subscribers' devices."

Flash Networks xtraArmor is a clientless solution for detecting and preventing threats aimed at mobile devices. xtraArmor is powered by industry-leading security technology from Symantec. Integrating seamlessly with mobile operators' networks, the virtualized solution enables operators to protect subscribers and devices from advanced phishing, viruses, malware, spyware, ransomware, and other threats. Using multi-layered detection technologies, such as advanced heuristics, machine learning, and behavior analysis, xtraArmor detects malicious traffic, generates alerts, and prevents such traffic from reaching mobile devices.

About Flash Networks 

Flash Networks is a leading provider of virtual optimization, security and engagement solutions that enable operators to improve RAN spectral efficiency, boost network speed, optimize video and web traffic, generate over-the-top revenues and secure the mobile Internet for subscribers and devices.

With offices in North America, Europe, Latin America, and Asia, Flash Networks services hundreds of millions of subscribers daily at leading global carriers. For more information, visit http://www.flashnetworks.com.

Read more »

Xafecopy Trojan Will Steal Money From Your Mobile, protect your phone now!

Xafecopy Torjan is a new malware reported by cyber security firm, Kaspersky. As per the report, a new Malware is hitting the technology world which is stealing money from your smartphone. Xafecopy Trojan malware is spreading slowly over the world starting from India. As per the report, over 40% of malware target was found in India. Since, India is becoming more advance with technology, people are more into digital payment services. For that reason, hackers are moving on to this country.

As per the official report by Kaspersky, “Kaspersky Lab experts have uncovered a mobile malware targeting the WAP billing payment method, stealing money through victims’ mobile accounts without their knowledge.”

This new malware runs secretly on your device and steal data from your device. The trojan puts and runs its secret codes to your phone without your knowledge and this way it fetches the information from your device. This trojan runs normally on the device and hence no one will understand what’s actually going on inside your mobile phone. You will not be able to see any such codes with bare eyes.

This code runs and activate through various applications which most of the Android and iOS users are using. Applications like BatteryMaster, ES File Explorer and all the other apps which contains advertises runs these malicious codes. Once the app is activated, the codes will itself starts working on your mobile phone.

This malware clicks different webpages on your mobile phone through Wireless Application Protocol billing. After filling up the form, the code silently subscribes you to various services. This process works super smoothly without any registration or sign up process. You don’t have to put the credit card or debit card details into the forms still it will subscribe for various services without your permission and knowledge.

As we all know, most of the services have captcha codes for the final confirmation of your action. But this malware replaces the captcha code with normal texts and this way it can easily get confirmation and bypass the entire procedure itself. Captcha codes are there to fill the forms and confirmation manually so no robots or autobots can harm your information. But this malware is something to hit the right bone of all the users.

Furthermore, the report says, “Xafecopy hit more than 4,800 users in 47 countries within the space of a month, with 37.5 per cent of the attacks detected and blocked by Kaspersky Lab products targeting India, followed by Russia, Turkey and Mexico.”

Kaspersky Lab Senior Malware Analyst Roman Unuchek said, “Our research suggests WAP billing attacks are on the rise. Xafecopy’s attacks targeted countries where this payment method is popular. The malware has also been detected with different modifications, such as the ability to text messages from a mobile device to premium-rate phone numbers, and to delete incoming text messages to hide alerts from mobile network operators about stolen money.”

In order to prevent yourself from such unwanted and harmful malware attacks to stop them stealing your money, make sure you have a proper security set in your Android device. Stop downloading and installing unwanted third party applications as hackers and attackers are trying to spread this virus or we can say malware with the help of such third party applications which are not permitted by Google. If you are using an Android smartphone, it is better for you to protect your smartphone with Google Play Protect which is a free security service available on all the Android smartphone. The security app has over 1 Billion active users as per the reports.

As a security advice, “It is best not to trust third-party apps, and whatever apps users do download should be scanned locally with the Verify Apps utility. But beyond that, Android users should be running a mobile security suite on their devices.”

via techbulletin

Read more »