Newsletters
The Enterprise Security Supersite NewsFactor Sites:       NewsFactor.com     Enterprise Security Today     CRM Daily     Business Report     Sci-Tech Today  
   
Home Network Security Viruses & Malware Cybercrime Security Solutions More Topics...
Data Security
Tame your scariest paperwork. Find Out How
Average Rating:
Rate this article:  
Android Malware Targets Facebook Users
Android Malware Targets Facebook Users

By Jennifer LeClaire
April 17, 2014 10:32AM

Bookmark and Share
The iBanking app is installed using sideloading, a major vector for malware getting installed on Android devices. Android warns about sideloading apps like iBanking, but that doesn't seem to be enough. Maybe users need a bold, blinking red text saying, "Legitimate apps are rarely installed this way! You’re probably installing malware on your device!"
 


The Heartbleed bug is still a very real issue for IT admins, but it’s far from the only issue. The latest woe comes in the form of a malicious Android application called iBanking. When you install it on your mobile phone it can spy on your communications.

Security researchers at ESET, an antivirus vendor, identified the malware. Calling it a bot, the firm said it has phone-specific capabilities that range from capturing incoming and outgoing text messages to redirecting incoming voice calls to grabbing audio using the device’s microphone.

“As reported by independent researcher Kafeine, this mobile application was for sale in underground forums and was used by several banking Trojans in an attempt to bypass a mobile two-factor authentication method put forth by some financial institutions,” Jean-Ian Boutin, a malware researcher at ESET, wrote on the company’s blog.

From Banking to Facebook

Boutin explained that several banks around the world use this method, which is called “mobile transaction authorization number” or mToken in the financial realm, to authorize banking operations. However, it seems popular Internet giants like Facebook, Twitter and Google have also picked up the method.

“The way iBanking is installed on the user’s mobile is quite common, but it is the first time we have seen such a mobile application targeting Facebook users for account fraud,” Boutin said. “Although the Facebook two-factor authentication feature has been around for quite a while, it may be that there is a growing number of people using it, thus making account takeover through a regular account credentials grabber ineffective.”

Boutin said now that mainstream Web services such as Facebook are also targeted by mobile malware, it will be interesting to see whether other types of malware will start using webinjects, free tools for automated testing of Web services and Web apps.

“Will we see content injection functionalities and mobile malware used in non-financial types of malware so that they can take over accounts from popular Web services?” he asked. “Time will tell, but because of the commoditization of mobile malware and the associated code source leaks, this is a distinct possibility.”

PC Still Security Weak Link

We turned to Jeff Davis, vice president of engineering at Web information security solutions vendor Quarri Technologies, to get his take on the iBanking bot. He told us since Google has stepped up its game in filtering malicious apps from the Google Play store, Android malware authors have had to resort to novel and convoluted methods for getting their malware installed on users’ devices. (continued...)

1  |  2  |  Next Page >

 

Tell Us What You Think
Comment:

Name:



Salesforce.com is the market and technology leader in Software-as-a-Service. Its award-winning CRM solution helps 82,400 customers worldwide manage and share business information over the Internet. Experience CRM success. Click here for a FREE 30-day trial.


 Data Security
1.   Juniper DDoS for High-IQ Networks
2.   Google Hacker Team to Hunt Bugs
3.   Cloud Firms Offer Azure Starter Kit
4.   FBI Cyber-Expert's Humble Start
5.   Chinese Hackers Hit U.S. Officials


advertisement
Gartner Rates IT Security Companies
IBM, HP, McAfee, Splunk ranked well.
Average Rating:
Hackers Target Western Energy Firms
Appears to be state-sponsored group.
Average Rating:
IBM Uncovers Android Security Flaw
Ten percent of devices at risk.
Average Rating:
Product Information and Resources for Technology You Can Use To Boost Your Business

Network Security Spotlight
34 European Banks Hit by Android-Skirting Malware
Criminals have been finding gaping holes in Android-based two-factor authentication systems that banks around the world are using. The result: 34 banks in four European countries have been hit.
 
New Web Tracking Technologies Defeat Privacy Protections
Recently developed Web tracking tools are able to circumvent even the best privacy defenses, according to a new study by researchers at Princeton and the University of Leuven in Belgium.
 
Juniper DDoS Solution Aims at High-IQ Networks
In the face of more complex attacks, Juniper Networks is boosting its DDoS Secure solution to help companies mitigate the threats with more effective security intelligence throughout the network fabric.
 

Enterprise Hardware Spotlight
Contrary to Report, Lenovo's Staying in Small Windows Tablets
Device maker Lenovo has clarified a report that indicated it is getting out of the small Windows tablet business -- as in the ThinkPad 8 and the 8-inch Miix 2. But the firm said it is not exiting that market.
 
Seagate Unveils Networked Drives for Small Businesses
Seagate is out with five new networked attached storage products aimed at small businesses. The drives are for companies with up to 50 workers, and range in capacity from two to 20 terabytes.
 
Another Day, Another Internet of Things Consortium Is Born
In the emerging Internet of Things, zillions of devices will be talking to each other. Samsung, Intel and Dell just formed a consortium to ensure each thing can understand what others are saying.
 

Navigation
Enterprise Security Today
Home/Top News | Network Security | Viruses & Malware | Cybercrime | Security Solutions | Mobile Security | Disaster Recovery | Windows Security
Data Security | EST Press Releases
NewsFactor Network Enterprise I.T. Sites
NewsFactor Technology News | Enterprise Security Today | CRM Daily

NewsFactor Business and Innovation Sites
Sci-Tech Today | NewsFactor Business Report

NewsFactor Services
FreeNewsFeed | Free Newsletters

About NewsFactor Network | How To Contact Us | Article Reprints | Careers @ NewsFactor | Services for PR Pros | Top Tech Wire | How To Advertise

Privacy Policy | Terms of Service
© Copyright 2000-2014 NewsFactor Network. All rights reserved. Article rating technology by Blogowogo. Member of Accuserve Ad Network.