[REPOST] ‘Malware targeting Android phone users’ money in banks

Malware targeting Android phone users

Global Internet security firm Kaspersky Lab has warned of a new malware targeting Android smartphone users who do their banking online.

The malware – Asacub – not only steals victims’ information but also their money in the bank.

When it was first identified, Asacub displayed all the signs of an information stealing malware. Some versions of the malware target users of online banking in Russia, Ukraine and the US.

“As of now, the known targets of the cybercriminal group behind Asacub Trojan are financial institutions in Russia and in USA. But that doesn’t mean Android users not residing in those countries can relax and assume they are safe,” Roman Unuchek, senior malware analyst at Kaspersky Lab USA, said recently.

“With the rise of online banking using Android smartphones, no one is actually safe. Everyone must now prioritize their security and take extra steps in protecting their devices,” Unuchek said.

With millions of people worldwide using their smartphones to pay for goods and services, 2015 saw cybercriminals exploit this by focusing their efforts on developing malicious financial programs for mobile devices.

For the first time, a mobile banking Trojan entered the Top 10 most prevalent malicious programs targeting finances last year.

Kaspersky Lab said the Asacub Trojan is yet another example of this worrying trend.

“When analyzing this Trojan, we found that the Asacub malware has connections to criminals with links to a Windows-based spyware called CoreBot. The domain used by Asacub’s Command & Control center is registered to the same person as tens of domains that were used by CoreBot. It is therefore highly likely that these two types of malware are being developed or used by the same gang, who see huge value and criminal gain in exploiting mobile banking users,” warned Unuchek.

“Based on current trends, we can assume that in 2016, the development and prevalence of mobile banking malware will continue to grow and account for an even greater share of malware attacks. Users need to be extra vigilant to ensure they don’t become the next victim,” he added.

The first version of the Asacub Trojan, discovered in June 2015, was capable of stealing the contact lists, browser history, list of installed apps, sending SMS messages to given numbers and also blocking the screen of an infected device – all standard functions for a typical information stealing malware.

However, in September last year, Kaspersky Lab’s Anti-Malware Research experts discovered several new versions of the Asacub that confirmed its transformation into a tool for stealing money, with the new version equipped with phishing pages mimicking log-in pages of banking applications.

At first, it appeared Asacub was targeting only Russian-speaking users, because the modifications contained fake login pages of Russian and Ukrainian banks.

But after further investigation, Kaspersky Lab’s experts found a modification with fake pages of a large US bank.

These new versions also contained a new set of functions including call redirection and sending USSD requests, a special service for interactive non-voice and non-SMS communications between the user and cellular provider, which made Asacub a very powerful tool for financial fraud.

Although Kaspersky Lab has been aware of several different versions of the Trojan for some time, the company’s threat detection systems found almost no sign of active Asacub campaigns until the end of 2015.

Within just one week, Kaspersky Lab identified more than 6,500 attempts to infect users with the malware making it one of the five most popular mobile Trojans of that week, and the most popular Trojan-banker.

Original article of Philippine Star