In their investigation of the botnet-forming Android banking malware, ESET researchers discovered that both the Android Trojans and the command and control (C&C) server directing compromised devices were built using source code that was made public on Russian forums in December, 2016. Weak security of the C&C server had allowed ESET to analyse the botnet.
“On top of the source code being available to virtually anyone, the C&C server itself has also been left accessible to whomever has the URL, without requiring any credentials,” says ESET Malware reseracher Lukáš Štefanko.
Android users were exposed to malware disguised as weather forecasting apps, ESET's blog WeLiveSecurity.com has reported. The malware is capable of stealing banking credentials and locking the screens of infected devices. Two versions of the botnet-forming Trojan made it onto Google Play. Each had a lifetime of several days and together achieved thousands of downloads before being detected by ESET and taken down by the Google security team in mid-February. The earlier version specifically targeted Turkish mobile banking apps; as it happens, a high proportion of the victims are from Turkey.
Android users were exposed to malware disguised as weather forecasting apps, ESET's blog WeLiveSecurity.com has reported. The malware is capable of stealing banking credentials and locking the screens of infected devices. Two versions of the botnet-forming Trojan made it onto Google Play. Each had a lifetime of several days and together achieved thousands of downloads before being detected by ESET and taken down by the Google security team in mid-February. The earlier version specifically targeted Turkish mobile banking apps; as it happens, a high proportion of the victims are from Turkey.
 |
| Source: ESET blog. Most of the victims of the Android banking botnet are Turkish. |
The C&C server had been active since February 2, 2017. By February 23, when the C&C server was taken down by the hosting company based on ESET’s notice, the botnet contained 2,810 victims from 48 countries.
The fact that the source code of another example of Android banking malware has been made available online may lead to its proliferation, according to ESET security experts. “With tools for creating Android banking malware now accessible more easily and for free, Android users should take even more care about prevention,” recommends Štefanko.
The fact that the source code of another example of Android banking malware has been made available online may lead to its proliferation, according to ESET security experts. “With tools for creating Android banking malware now accessible more easily and for free, Android users should take even more care about prevention,” recommends Štefanko.
Interested?
Read a detailed analysis of the malware along with advice on prevention and cleaning
Hashtag: #MWC2017, #MWC17
No comments:
Post a Comment