UK Mobile Phones (uk.telecom.mobile) Mobile telephone equipment and networks.

#1
Old December 3rd 19, 12:26 PM posted to comp.mobile.android,uk.telecom.mobile
external usenet poster
 
First recorded activity by MobileBanter: Nov 2012
Posts: 171
Android 'spoofing' bug helps (malicious apps) targets bank accounts

"Android 'spoofing' bug helps (malicious apps) targets bank accounts
By Mark Ward Technology correspondent, BBC News, 2 December 2019

A "major" security weakness in Google's Android software has let
cyber-thieves craft apps that can steal banking logins, a security firm
has found.

The bug lets attackers create fake login screens that can be inserted
into legitimate apps to harvest data.

More than 60 financial institutions have been targeted by the technique,
a survey of the Play store indicated.

Google said it had taken action to close the loophole and was keen to
find out more about its origins.

"It targeted several banks in several countries and the malware
successfully exploited end users to steal money," said Tom Hansen, chief
technology officer of Norwegian mobile security firm Promon, which found
the bug."

https://www.bbc.co.uk/news/technology-50605455

#2
Old December 3rd 19, 04:35 PM posted to comp.mobile.android,uk.telecom.mobile
external usenet poster
 
First recorded activity by MobileBanter: Nov 2019
Posts: 74
Android 'spoofing' bug helps (malicious apps) targets bank accounts

On Tue, 3 Dec 2019 13:26:30 +0000, Java Jive wrote:

"It targeted several banks in several countries and the malware
successfully exploited end users to steal money," said Tom Hansen, chief
technology officer of Norwegian mobile security firm Promon, which found
the bug.


Here's more detailed information from the source...

o *Where are these attacks found?*
<https://promon.co/security-news/overlay-attacks-mobile/>
"In the past, these attacks were only spotted in Russia. Later on we
have seen the first examples in Europe, such as the MazarBot Android
malware, and the US, and there are likely to be more."
"A recent example of this trojan malware is BankBot. While older samples
of BankBot mainly targeted Russian financial institutions, in April 2017
the Dutch company Securify came across a new sample of the malware. This
sample shows that BankBot was targeting European and American banks as
well.

Newer iterations have targeted at least 420 banks in countries such as
Germany, France, Austria, the Netherlands, Turkey and the United States."

o *How do these attacks work?*
<https://promon.co/security-news/overlay-attacks-mobile/>
"In the majority of cases, overlay malware takes the form of a trojan.
It is downloaded as a supposedly legitimate application from a legitimate
website or app store. It can also be installed by drive-by downloads, which
means a user would only need to be on a certain webpage to be compromised.

The malware lies dormant on infected devices, waiting until a user opens up
a banking application. Once this happens, the malware pushes the legitimate
app to the background, something most apps would not detect as unusual by
themselves. In other words, the app wouldn't know that it's been pushed to
the background. It would therefore keep on functioning normally, accepting
user inputs, even though a human couldn't possibly operate the app.

Simultaneously, the malware creates a window that mimics the look and feel
of the app that's been affected. So, for all intents and purposes, the user
would assume they were still interacting with their mobile banking app.

Because the user is none the wiser, they'll proceed to enter sensitive data
while using the banking app as normal. This could be anything from
passwords, codes, and financial details. This information is then stolen by
the malware. And to make matters worse, data is altered so that the user
unknowingly sends transactions to the criminals behind the malware."
"BankBot, first disguised as a weather forecast application, and then as
different video apps, can be downloaded from Google Play. From there it
tricks users into giving up usernames, passwords, pin codes, card details,
as well as intercepting SMS text messages."

o *The StrandHogg vulnerability*
<https://promon.co/security-news/strandhogg/>
"Lookout, a partner of Promon, confirmed that they have identified 36
malicious apps exploiting the vulnerability. Among them were variants of
the BankBot banking trojan observed as early as 2017. *During testing,
Promon researchers found that all of the 500 most popular apps (as ranked
by app intelligence company 42 Matters) are vulnerable to StrandHogg. *All
versions of Android affected, incl. Android 10* (note: the permission
harvesting exploit is only from Android 6.0 and onwards).

BankBot: one of the most widespread banking trojans around, with dozens of
variants and close relatives springing up all the time. BankBot attacks
have been detected all over the world, in the U.S., Latin America, Europe
and the Asia Pacific region."

*Here's what "Lookout" had to say:*
o Strandhogg vulnerability allows attackers to circumvent Android OS safeguards
<https://blog.lookout.com/strandhogg-vulnerability-allows-attackers-to-circumvent-android-os-safeguards>
"Earlier today, Promon, a Lookout partner, reported on Strandhogg, a
vulnerability in the Android OS that allows for one app to display an
Activity in the UI context of another app. This vulnerability can be
exploited by attackers through screen overlays, such as in banking trojans,
and permission harvesting. During their research phase, Promon reached out
to Lookout to help find and identify apps that exploit Strandhogg. After
looking through their dataset, Lookout identified 36 malicious apps
exploiting the Strandhogg vulnerability, among them variants of the Bankbot
banking trojan observed as early as 2017."

o *How does BankBot steal your credentials?*
<https://promon.co/security-news/rasp-bankbot-banking-malware/>

"BankBot is a banking Trojan that poses as an apparently benign
application, such as WhatsApp or Runtastic. When the application is
installed and run, it asks for administrative privileges. Once these
privileges are granted, the icon disappears from the home screen. From that
moment, the device is compromised.

BankBot subsequently tries to steal your banking credentials (e.g. username
and PIN) and credit card information using a well-known technique called
overlay. This means the malware creates a window that mimics the
look-and-feel of the targeted mobile banking app, and that aims to trick
users into entering their credentials. This overlay window is positioned on
top of the target app when the user launches it. As the overlay window is
created to look exactly like the target app, users usually believe they
are interacting with the genuine mobile banking app."

*Taking Responsibility: Developers or Providers?*
<https://promon.co/security-news/overlay-attacks-mobile/>

"So who's responsible for protecting against mobile overlay attacks? Is
it the app developer or the app provider? Ideally, they should work
together. This would ensure that if cyber-criminals exploit one specific
weakness on an app, it's not enough to compromise the user.

The banking application itself should have security built in that detects
when the app has been pushed to the background. It should also prevent the
user from inputting any details that could be sensitive. However, malware
evolves, so there's always potential for unknown platform weaknesses to be
exploited. This is where the joint effort of both developers and providers
becomes all the more important."

--
Usenet works well when adults are purposefully helpful in sharing data.
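
The app-side defence the quoted Promon text asks for (notice that the app has lost the foreground, and stop accepting sensitive input), as an added example that is not from this thread or the quoted articles. The class name GuardedLoginActivity and the single PIN field are assumptions; only standard Android SDK calls are used.

```java
import android.app.Activity;
import android.os.Bundle;
import android.text.InputType;
import android.view.MotionEvent;
import android.widget.EditText;

// Hypothetical login screen for illustration (name and layout are assumptions).
public class GuardedLoginActivity extends Activity {
    private EditText pinField;

    @Override
    protected void onCreate(Bundle savedInstanceState) {
        super.onCreate(savedInstanceState);
        pinField = new EditText(this);
        pinField.setInputType(InputType.TYPE_CLASS_NUMBER | InputType.TYPE_NUMBER_VARIATION_PASSWORD);
        // Framework-level filter: drop touches on this view while another window covers it.
        pinField.setFilterTouchesWhenObscured(true);
        setContentView(pinField);
    }

    @Override
    public boolean dispatchTouchEvent(MotionEvent ev) {
        // The system sets this flag when another visible window sits over the touch location.
        if ((ev.getFlags() & MotionEvent.FLAG_WINDOW_IS_OBSCURED) != 0) {
            lockInput();
            return true; // consume the event so no widget receives it
        }
        return super.dispatchTouchEvent(ev);
    }

    @Override
    public void onWindowFocusChanged(boolean hasFocus) {
        super.onWindowFocusChanged(hasFocus);
        // Losing window focus means something else is now in front of this screen.
        if (hasFocus) { pinField.setEnabled(true); } else { lockInput(); }
    }

    @Override
    protected void onPause() {
        super.onPause();
        lockInput(); // another activity has come to the foreground
    }

    // Wipe anything typed so far and refuse further input until focus returns.
    private void lockInput() {
        pinField.getText().clear();
        pinField.setEnabled(false);
    }
}
```

These checks address windows drawn over a running app and loss of focus. They do not cover the case in the Lookout quote, where a different app's Activity is shown in this app's UI context and this code may not be running at all.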


All times are GMT.