This Android Trojan blocks victims from alerting banks

By Michael Kan | PCWorld

A new Trojan that can steal your payment data will also try to stymie you from alerting your bank.

Security vendor Symantec has noticed a “call-barring” function within newer versions of the Android.Fakebank.B malware family. By including this function, a hacker can delay the user from canceling any payment cards that have been compromised, the company said in a blog post.

Fakebank was originally detected in 2013. It pretends to be an Android app, when in reality, it will try to steal the user’s money.

The malware works by first scanning the phone for specific banking apps. When it finds them, the Trojan will prompt the user to delete them and install malicious versions of those same apps.

The newer variants of Fakebank.B, however, will do more than just collect financial login data. They will also monitor whatever phone calls are made.

If the customer service numbers of certain banks are dialed, the Trojan will cancel the call, Symantec said. Instead, users will have to use email or another phone to reach their banks.

So far, this new Trojan has only been detected in Russia and South Korea. Symantec is advising users to refrain from downloading apps from less trustworthy sources, like third-party app stores.

The call-barring function shows how banking Trojans are continuing to evolve. Earlier this year, Symantec detected another kind called Android.Bankosy that can bypass voice-based two-factor authentication systems.

To do this, the Trojan will secretly activate call forwarding on the victim’s phone. All calls will then be redirected to the hacker’s own number.

Symantec: Stuxnet existed two years earlier than anyone realized

A new report from security firm Symantec highlights the discovery of a new version of the Stuxnet virus that crippled Iran’s nuclear enrichment program. The most recent finding predates the earliest known instance of the cyber weapon by two years, officials said.

Stuxnet made worldwide news back in 2007 when it was used to attack the country’s main nuclear facilities. Symantec now claims they have found a string of code they are calling Stuxnet 0.5 which dates back to 2005.

Eric Chien, technical director of Symantec’s Security Response Team, said there isn’t any really new evidence of who the people behind the attack were, but it’s clear that they aren’t just some hacktivists or people with a vendetta. It is widely believed that Stuxnet is the product of a joint effort between the United States and Israel, although neither country has publicly claimed responsibility.

The New York Times claimed last year that President George W. Bush initially ordered the attacks under a program code-named Olympic Games that continued with the Obama administration. Obama reportedly accelerated the attacks last year despite the fact that Stuxnet became a household name in 2010 when a programming error accidentally sent the code over the Internet.

Stuxnet is regarded by many as one of the most sophisticated pieces of malware ever written. Symantec said it’s a complicated and sophisticated piece of malware that requires a similar level of skill and effort to produce. It affected at least 14 different facilities in Iran during its heyday.
via Symantec: Stuxnet existed two years earlier than anyone realized – TechSpot.