ZeuS tries to bypass two-factor authentication
Posted on 27.09.2010
Since more and more financial institutions and companies are beginning to use mobile text messages in order to provide two-factor authentication to its users, it was just a matter of time until criminals behind the ZeuS Trojan will try to think of a way to get hold of that crucial bit of information.

The attack begins as it usually does - the Trojan steals the username and password as it is inserted by the user. Then, a rogue form pops up and demands of him to share his mobile phone vendor, model and phone number:


After the unsuspecting victim has complied with that request, he receives an SMS in which a link to a security certificate - actually, a malicious application - is provided.

As S21sec researchers point out, so far the malicious application targets only users who have a Blackberry or a mobile device running Symbian, because the application needs only the user's permission to install. iPhone applications, on the other hand, can only be installed through the AppStore.

From then on, the application monitors all incoming text messages and will install a backdoor so that it can receive further commands via SMS. The researchers have analyzed one of these applications for Symbian, and have reveled that it has a hardcoded UK phone number (used as a C&C).

Upon installation, the application notifies the C&C that it has been successfully installed and monitors the incoming text messages. With text messages sent from the C&C number, containing various commands, the criminals behind this scheme can make the phone ignore all commands, enable remote commands, add/delete/update a contact or change the C&C phone number.

The best way for the user to find out if his device is infected is to look at is mobile expenses and detect strange SMS charges. "Although we cannot state that it is a really advanced malicious application, it really works, and the thin line between PC and mobile malware is thinner than ever," say the researchers.






Spotlight

Almost 1 in 10 Android apps are now malware

Posted on 28 July 2014.  |  Cheetah Mobile Threat Research Labs analyzed trends in mobile viruses for Q1 and Q2 of 2014. Pulling 24.4 million sample files they found that 2.2 million files had viruses. This is a 153% increase from the number of infected files in 2013.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Mon, Jul 28th
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //