Berita

Berita

ALERTS : MALWARE TARGETS MAYBANK2U ON ANDROID

ALERTS : MALWARE TARGETS MAYBANK2U ON ANDROID

Tarikh : 25 September 2014

Dilaporkan Oleh : WebMaster

Kategori : News


Share

MyCERT alerts that a malware targets millions of Malaysian Internet banking customers. A few incidents have so far been reported and confirmed by the Federal Police Commercial Crime Department.  The so-called "God" of Malware namely Zeus Tracker/ Trojan which is now active and could be a significant threat to users who perform online banking. According to initial analysis by MyCERT, the attacks are more pertinent mobile devices running on Android and devices with unpatched Windows Operating System.

it is as reported in malaysia newspaper in utusan malaysia on 25 september 2014

http://www.utusan.com.my/utusan/Jenayah/20140925/je_01/Hantar-virus-ke-telefon-lesapkan-wang


Malaysia Computer Emergency Response Team has published an advisories on this matters in their websites. mycert website

here is summary of this


1.0 MyCERT had received several reports regarding a malware that targets Maybank2U and CIMB Clicks customers. Based on mycert initial analysis, they found this campaign uses the Zeus banking malware family as its Modus Operandi in this campaign.

Attacker will infect victim's computers with Zeus banker malware which will inject modified fake contents or page while a user is browsing a legitimate online banking website.

2.0 Affected Systems

The Trending now 2014 is attacking Smartphone using Android


3.0  Process Of Attack : ( This Happen when  User Android Devices has been Infected with the Zeus Trojan/ Tracker )

          1                                  2                                3                                     4

 

3.1  The Bank's Official URL : User Access the legitimate url address for the online banking system

After Login : User will experience such below
3.2  Zeus Modifies the Page : The malware will inject a modified fake contents that looks like a real online banking website when user is browsing a legitimate online banking website, in which the content will request victim's smartphone operating system and mobile number. ( as attached )

Not Just Maybank2u it also could effect Cimbclicks or other platform of online banking. as long as your Gadget has been infected with Zeus Tracker / Trojan !!

the email address is actually not related to the user login, also the select phone operating system also just a phishing idea to cheat the user. attached here user that experienced with this malware

 - when your login seem like this. close your browser and make sure to scan with any trusted antivirus.

if user proceed to follow as what they see, they will have a chance to lost their money !!

3.3 Authentication Attempt :  The malware will SMS to the smartphone a malicious APK and infect the smart phone in order to establish callback with the attackers for further instructions.

The modified content will prompt user to choose their smartphone Operating System and provide their phone number as well. With the phone number information, attacker will send SMS containing link to a malicious APK known as Zitmo malware to the victim's smartphone, purportedly to be a an online banking verification certificate.

after this point, the Zeus malware can generates a fraudulent transaction on behalf of the user and authenticate it by intercepting the SMS verification message on the phone and forwarding it to the malware on the PC. The mobile Zeus variant then deletes the confirmation message from the user’s mobile device so the user will not see it and enters the code on the PC to complete the transaction



3.4 Data Transfereed to the C&C ( in a week user will experience money lost in their account !!! )


4.0 Technical Details

Attacker will infect victim's computer / laptop/ tab / smartphone with Zeus banker malware which will inject modified contents when users is browsing a legitimate online banking website.


Summary of the Attack Process
 

A user whose PC is infected and who tries to access a bank Web site triggers the Zeus malware, which “asks the user to download an authentication or security component onto their mobile device in order to complete the login process.” That security component, disguised as Trusteer’s Rapport product, but actually the Zeus mobile variant, gives fraudsters control of both the user’s PC and the user’s phone. At that point, the Zeus malware can generates a fraudulent transaction on behalf of the user and authenticate it by intercepting the SMS verification message on the phone and forwarding it to the malware on the PC. The mobile Zeus variant then deletes the confirmation message from the user’s mobile device so the user will not see it and enters the code on the PC to complete the transaction.

credit to iiumcybersafe