Android malware pairs man-in-the-middle with remote-controlled banking trojan

From Botnets.fr

Botnet FakeToken
Date 2012 / 14 March 2012
Editor/Conference McAfee Labs
Link http://blogs.mcafee.com/mcafee-labs/android-malware-pairs-man-in-the-middle-with-remote-controlled-banking-trojan (Archive copy)
Author Carlos Castillo

Abstract

Based on the Android malware that we’ve seen so far, one of the principal motivations to develop and spread malware on Android is to gain financial profit. We often see deceptive applications that send SMS messages to premium-rate numbers without the user’s consent or that run man-in-the-middle attacks to forward SMS messages to an attacker with a user’s mTANs (Mobile Transaction Numbers). In the latter case, the attacker uses the information to defeat the two-factor authentication security scheme used by several banks and financial entities around the world. Examples of this last type of threat are the well-known Trojan bankers ZeuS and SpyEye, which includes in the latest versions of its PC malware a new module that targets Android. In general, those malicious applications are not complex compared with more sophisticated threats. However, the situation may have changed: With the recent discovery of a new Android malware that has the man-in-the-middle functionality but, unlike ZeuS and SpyEye, also can be controlled remotely and can grab the initial password from a mobile device without infecting the user’s PC.

Bibtex

 @misc{2012BFR938,
   editor = {McAfee Labs},
   author = {Carlos Castillo},
   title = {Android malware pairs man-in-the-middle with remote-controlled banking trojan},
   date = {15},
   month = Mar,
   year = {2012},
   howpublished = {\url{http://blogs.mcafee.com/mcafee-labs/android-malware-pairs-man-in-the-middle-with-remote-controlled-banking-trojan}},
 }