ESET, an IT security firm, has identified a new variant of the banking Trojan ‘Qadars,’ which injects rogue JavaScript code into Facebook pages when accessed through an infected system’s browser.
The iBanking bot, when installed on a mobile phone, can easily spy on user’s communications, redirect incoming voice calls, and even capture audio using the device’s microphone.
It is able to bypass the mobile two-factor authentication, commonly called as mobile transaction authorization number, mTan or mToken, used by several financial institutions to verify and authorize banking transactions.
How it works:
Once the user logs into his Facebook account from a mobile phone, the malware tries to inject a fake facebook verification page leading to malicious android application, which seeks the user’s phone number and confirmation for using Android on the phone or tab.
Once the phone number is entered, the user is directed to an SMS verification step. The new SMS verification webpage also instructs the users to download the application from the link provided in case they did not receive any message from the Facebook.
Then, an installation guide directs the users to install the new application.
Once installed, the bot takes complete control over the mobile.
A detailed infographic about the malware is presented by the ESET security community.
Jean-Ian Boutin, an ESET malware researcher, says, “The Trojan is able to intercept a webpage downloaded from a webserver, inspect it and inject new content into the page before showing it to the user. In the webinject configuration file I received, one of the targets was the Facebook website.”
Challenges:
This application was on sale in underground forums with a detailed explanation of how it works, according to an independent researcher Kafeine
The website selling the bot lists its features as:
- Grabbing all information about the victim (Phone Number, ICCID, IMEI, IMSI, Model, OS)
- Interception of incoming SMS messages and sending them to the web-panel and the control room.
- Call forwarding to any number
- Grabbing all incoming and outgoing SM
- Grabbing all incoming and outgoing calls
- Grabbing books with contacts ( names and numbers )
- Record audio , sending it to the server ( know what is happening around)
- Sending SMS to any room without the owner’s knowledge
- The application can not be removed if the owner when installing given administrator rights .
- Function demolition system to the factory settings (if the admin rights ) Our coders with ease for you finalize your desired functionality. Easy Web Panel:
- Here is the socket to work with bots who wants to touch live , write, do a test account .
- http://www.tmn-security.pt/ris.JPG
- Just for you produced a manual on the bot :
- http://www.tmn-security.pt/manual.pdf
The security firm also noted that the web-based control panel of the bot provides its masters with complete control of the infected mobile device.
The researchers further note,
This highlights the need for stronger authentication solutions capable of validating users’ identities using multiple factors including biometric solutions. The latter will also assist in reducing the dependency on conscious human intervention making social engineering attempts void.”
Heartbleed has been termed as the biggest bug ever that has exposed as much as one-third of all websites to the vulnerabilities of data theft. Most of the big and main stream websites and service providers, such as Google, Facebook, Yahoo and Microsoft, took immediate action and provided patch as well as suggested that their users change their passwords immediately. However, as the Heartbleed bug’s impact has been huge, there are still a lot of websites out there which have not updated their security certificates. Changing passwords on these websites will not make you any safer as the security hole has not been closed yet and your data including password can be breached again. Following steps are suggested to protect your data.
Check if the bug has been fixed or not
First logical step that should be taken is to identify the websites and services that have or have not patched the bug. You can check it at the McAfee Heartbleed test website or use the Qualys scanner. All you will have to do is to enter the domain and the system will provide further details. Alternatively, a list is also maintained and updated here by Digital Trends.
Two-factor authentication
Imagine if the service that you use asks for an additional authentication, such as a code, that is inaccessible to the hackers and you use it alongside your regular password to access the service if you try to login from an unfamiliar device. Even if the password is breached the hacker cannot get into the website that you use since it does not has access to the codes or any other form of additional verification. This is called two-factor authentication or 2AF. Normally, this second authentication is a one-time usage only code that is sent through SMS to the user. Although, it can be a little inconvenience but the additional layer of authentication protects you immensely and perhaps you do not use unfamiliar devices that often. However, not all service providers use it. Check which providers are using it and which are not through this website. The website also contains links to instructions on enabling it if a website uses 2AF.
Use password manager
No matter how hard you try, it is very difficult to create a unique and strong password for each service that you use, which is highly recommended, that is easily remember able for you as well. Thus, we need someone who (which) can remember all the passwords for us. In other words, we need a password manager. A password manager keeps track of all your unique passwords and assists you with automatic logins and if a big security issue arises then it is very manageable to change passwords using password managers. There are many good password managers out there but onlyLastPass, RoboForm, Norton Identity Safe, and 1Passwordare recommended as they are reliable.
However, taking all the above mentioned steps does not guarantee a 100% safety but it does provides a better shield in case of an attack. Hackers and their techniques are becoming sophisticated and our reliance on web-based services is ever increasing. Thus, the breaches in future could be more catastrophic than ever.
- See more at: http://hackersnewsbulletin.com/2014/04/learn-beat-heartbleed-bug-changing-password-enough.html#sthash.I85xBmvL.dpuf
No comments:
Post a Comment