{"id":5358,"date":"2014-04-18T10:00:16","date_gmt":"2014-04-18T14:00:16","guid":{"rendered":"http:\/\/blog.nccomputertech.com\/?p=5358"},"modified":"2014-04-18T10:00:16","modified_gmt":"2014-04-18T14:00:16","slug":"facebook-users-targeted-by-ibanking-android-trojan-app","status":"publish","type":"post","link":"https:\/\/nccomputertech.com\/techtalk\/2014\/04\/18\/facebook-users-targeted-by-ibanking-android-trojan-app\/","title":{"rendered":"Facebook users targeted by iBanking Android trojan app"},"content":{"rendered":"

\"\"<\/a><\/p>\n

Cybercriminals have started using a sophisticated Android Trojan app designed for e-banking fraud to target Facebook users, possibly in an attempt to bypass the two-factor authentication protection on the social network.<\/p>\n

Security researchers from antivirus vendor ESET have identified a new variant of a computer banking Trojan called Qadars that injects rogue JavaScript code into Facebook pages when opened in a browser from an infected system. The injected code generates a message instructing users to download and install Android malware that can steal authentication codes sent to their phones via SMS.<\/p>\n

These man-in-the-browser attacks are known as webinjects and have long been used by computer Trojans to display rogue Web forms on online banking websites with the goal of collecting log-in credentials and other sensitive financial information from users.<\/p>\n

Webinjects are also commonly used to display messages that instruct users to download and install malicious applications on their mobile phones by presenting them as security apps required by financial institutions. In reality those rogue mobile apps are designed to steal mobile transaction authorization numbers (mTANs) and other one-time passwords sent by banks via SMS.<\/p>\n

In February security researchers from RSA, the security division of EMC, reported that the source code for an advanced Android Trojan called iBanking was released on an underground forum and warned that this development will allow more cybercriminals to incorporate this mobile threat in their future operations.<\/p>\n

\"\"<\/a><\/p>\n

Once installed on an Android phone, iBanking can capture incoming and outgoing text messages; can redirect calls to a pre-defined phone number; can capture audio from the surrounding environment using the device\u2019s microphone and can steal the call history log and the phone book.<\/p>\n

The authors of the Qadars computer Trojan were quick to adopt iBanking, according to a new report by researchers from ESET, but instead of using it against online banking users they appear to be targeting accounts on Facebook.<\/p>\n

\u201cThrough our monitoring of the banking Trojan Win32\/Qadars […] we have witnessed a type of webinject that was totally new for us: it uses JavaScript, meant to be injected into Facebook webpages, which tries to lure the user into installing an Android application,\u201d ESET malware researcher Jean-Ian Boutin said Wednesday in a blog post.<\/p>\n

What to expect if you’re infected<\/p>\n

When users log into Facebook from a computer infected with Qadars they will see a rogue message informing them that \u201cdue to a rising number of attempts in order to gain unlawful access to the personal information of our users and to prevent corrupted page data to spread Facebook administration introduces new extra safety protection system.\u201d<\/p>\n

This alleged protection system is presented as a mobile application that generates unique authentication codes that can be used instead of regular passwords. In order to obtain the application, users are asked to specify the OS of their mobile phone and their phone number. They are then directed to a page with a download link and a corresponding QR code.<\/p>\n

The application being offered to Android device owners is a version of the iBanking Trojan app that has been modified to look as a Facebook application for generating one-time passwords. During installation, users are instructed to enable the Android setting allowing the installation of apps obtained from unknown sources and are asked to give the app device administrator permissions.<\/p>\n

\u201cThe way iBanking is installed on the user\u2019s mobile is quite common, but it is the first time we have seen such a mobile application targeting Facebook users for account fraud,\u201d Boutin said.<\/p>\n

It\u2019s possible that the attackers are using iBanking to steal security codes sent via SMS by Facebook\u2019s legitimate two-factor authentication system. It may be that there\u2019s a growing number of people using this protection feature on Facebook, making accounts harder to compromise through traditional credential theft attacks, Boutin said.<\/p>\n

However, it\u2019s also possible that attackers have chosen to use webinjects on Facebook because it\u2019s an efficient way to distribute the malware to a lot of users without worrying which particular banking sites they regularly interact with.<\/p>\n

\u201cNow that mainstream web services such as Facebook are also targeted by mobile malware, it will be interesting to see whether other types of malware will start using webinjects,\u201d Boutin said. \u201cTime will tell, but because of the commoditization of mobile malware and the associated code source leaks, this is a distinct possibility.\u201d<\/p>\n

via Facebook users targeted by iBanking Android trojan app | PCWorld<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"

Cybercriminals have started using a sophisticated Android Trojan app designed for e-banking fraud to target Facebook users, possibly in an […]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"site-sidebar-layout":"default","site-content-layout":"","ast-site-content-layout":"default","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","ast-disable-related-posts":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"default","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":false,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2}},"categories":[7,8,10],"tags":[341,347,1104],"class_list":["post-5358","post","type-post","status-publish","format-standard","hentry","category-security","category-social-media","category-technology","tag-exploit","tag-facebook","tag-trojan"],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/papNkV-1oq","jetpack-related-posts":[{"id":9307,"url":"https:\/\/nccomputertech.com\/techtalk\/2018\/03\/11\/this-week-in-tech-657-dadgum-cell-phone\/","url_meta":{"origin":5358,"position":0},"title":"This Week in Tech 657: DadGum Cell Phone","author":"NCCT","date":"March 11, 2018","format":false,"excerpt":"https:\/\/youtu.be\/KGrJJj_8YHU SXSW features killer robots and killer barbeque. Alexa's spontaneous laugh makes us afraid of an AI takeover. Amazon wants to take over your checking account. Can blockchain reinvent fintech? Android users more loyal than iOS users. Is AI really all that smart? Apple hires M. Night Shyamalan. Millennials love\u2026","rel":"","context":"In "Social Media"","block_context":{"text":"Social Media","link":"https:\/\/nccomputertech.com\/techtalk\/category\/social-media\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/img.youtube.com\/vi\/KGrJJj_8YHU\/0.jpg?resize=350%2C200","width":350,"height":200},"classes":[]},{"id":9522,"url":"https:\/\/nccomputertech.com\/techtalk\/2019\/02\/24\/will-it-bend-this-week-in-tech-707\/","url_meta":{"origin":5358,"position":1},"title":"Will It Bend? – This Week in Tech 707","author":"NCCT","date":"February 24, 2019","format":false,"excerpt":"https:\/\/youtu.be\/qC0DabXmX8Q Folding phones at MWC, Hololens 2, conspiracies on YouTube, and more. -- Foldable Phones Hit MWC 2019 -- Microsoft Announces Hololens 2 -- Netflix at the Oscars -- Apple and Goldman Sachs Release Credit Card Linked to iPhone -- Apple to Combine iPhone, iPad and Mac Apps -- YouTube:\u2026","rel":"","context":"In "Microsoft"","block_context":{"text":"Microsoft","link":"https:\/\/nccomputertech.com\/techtalk\/category\/microsoft\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/img.youtube.com\/vi\/qC0DabXmX8Q\/0.jpg?resize=350%2C200","width":350,"height":200},"classes":[]},{"id":9511,"url":"https:\/\/nccomputertech.com\/techtalk\/2019\/01\/22\/millsplain-it-to-me-this-week-in-tech-702\/","url_meta":{"origin":5358,"position":2},"title":"Millsplain It to Me – This Week in Tech 702","author":"NCCT","date":"January 22, 2019","format":false,"excerpt":"https:\/\/youtu.be\/EtTfFJVBZ6s -Apple's Tim Cook Calls for Data Privacy. -773M Passwords Pwned - How to Find Out If Yours Was. -Amazon Tries to Make Alexa Sound \"Newsy.\" -Google Buys Fossil. -74% of Facebook Users are Clueless. -Facebook's 10 Year Challenge. -Atari Founder Making Alexa Board Games. -Stop Using Windows Phone! -Tokyo\u2026","rel":"","context":"In "Apple"","block_context":{"text":"Apple","link":"https:\/\/nccomputertech.com\/techtalk\/category\/apple\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/img.youtube.com\/vi\/EtTfFJVBZ6s\/0.jpg?resize=350%2C200","width":350,"height":200},"classes":[]},{"id":9804,"url":"https:\/\/nccomputertech.com\/techtalk\/2024\/11\/08\/maximum-iceland-scenario-data-caps-3rd-party-android-stores-nuclear-amazon\/","url_meta":{"origin":5358,"position":3},"title":"Maximum Iceland Scenario – Data Caps, 3rd Party Android Stores, Nuclear Amazon","author":"NCCT","date":"November 8, 2024","format":false,"excerpt":"https:\/\/youtu.be\/P5MkCwktKz0 Data Caps, 3rd Party Android Stores, Nuclear Amazon \u2022 Google must crack open Android for third-party stores, rules Epic judge \u2022 Google asks 9th Circuit for emergency stay, says Epic ruling \u2018is dangerous\u2019 \u2022 Canceling subscriptions is about to get easier \u2022 The FCC is looking into the impact\u2026","rel":"","context":"In "Software"","block_context":{"text":"Software","link":"https:\/\/nccomputertech.com\/techtalk\/category\/software\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/img.youtube.com\/vi\/P5MkCwktKz0\/0.jpg?resize=350%2C200","width":350,"height":200},"classes":[]},{"id":9472,"url":"https:\/\/nccomputertech.com\/techtalk\/2018\/12\/30\/our-years-best-this-week-in-tech-699\/","url_meta":{"origin":5358,"position":4},"title":"Our Year’s Best – This Week in Tech 699","author":"NCCT","date":"December 30, 2018","format":false,"excerpt":"https:\/\/youtu.be\/gz77WILat9o The Best of TWiT from 2018! Host: Leo Laporte","rel":"","context":"In "Apple"","block_context":{"text":"Apple","link":"https:\/\/nccomputertech.com\/techtalk\/category\/apple\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/img.youtube.com\/vi\/gz77WILat9o\/0.jpg?resize=350%2C200","width":350,"height":200},"classes":[]},{"id":9291,"url":"https:\/\/nccomputertech.com\/techtalk\/2018\/01\/22\/this-week-in-tech-650-frumpy-rump\/","url_meta":{"origin":5358,"position":5},"title":"This Week in Tech 650: Frumpy Rump","author":"NCCT","date":"January 22, 2018","format":false,"excerpt":"https:\/\/youtu.be\/HSn_18byc6k EVs and self-driving cars at CES and the Detroit Auto Show. The first cashierless Amazon Go shop opens January 22nd. Apple HomePod is nearly here. Apple hands out $2500 employee stock bonuses as part of its huge cash repatriation plan. Google wants your selfies. Facebook wants you to tell\u2026","rel":"","context":"In "Technology"","block_context":{"text":"Technology","link":"https:\/\/nccomputertech.com\/techtalk\/category\/technology\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/img.youtube.com\/vi\/HSn_18byc6k\/0.jpg?resize=350%2C200","width":350,"height":200},"classes":[]}],"_links":{"self":[{"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/posts\/5358","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/comments?post=5358"}],"version-history":[{"count":0,"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/posts\/5358\/revisions"}],"wp:attachment":[{"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/media?parent=5358"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/categories?post=5358"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/tags?post=5358"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}