
These ads are more than annoying: Android banking malware to watch out for

  • Posted on: August 23, 2016
  • Posted in: Industry News, Security
  • Posted by: Christopher Budd (Global Threat Communications)
Banking trojans masquerade as harmless ads or apps - until they abscond with your financial data.

Banking malware is one of the biggest threats possible for mobile devices. Unsuspecting smartphone users have fallen victim to devious attacks from malware masquerading as something more innocuous, sometimes leading to their personal and financial information being leaked. It's for this reason that banking trojans are among the most dangerous of malicious programs.

Let's take a look at some recent incarnations of banking trojans and see how they can affect organizations and individuals alike:

Svpeng will steal your financial data

Business Insider contributor Rob Price recently reported on a banking malware scheme that's being distributed through Google's advertising network AdSense. This network, which is the single biggest ad network in the world, is used by countless organizations for their websites in order to generate ads, and the fact that it's currently the distribution vehicle for a malicious program like this banking trojan is especially troublesome. Unknowing users are clicking on these ads, which leads to the trojan being downloaded onto their mobile devices without their authorization.

Once installed, the mobile malware, called Svpeng, hides out in the list of phone applications. It steals financial data and spies on users more generally, gleaning information like call history, text messages and multimedia messages. In order to make sure you don't fall victim to this strain of malware, it's critical to stay on top of your phone's security settings.

"There are ways to avoid being infected," Price wrote. "If users have their security settings set so their phone won't run apps from unknown sources, their devices won't be compromised. By default, Android won't run unknown apps – but it is sometimes necessary to change these settings (to install apps from third-party app stores, for example) – putting the phone at risk."

In other words, it's important to be wary of third-party apps downloaded from the app store – and not just because those apps in particular may be compromised. The requirement of shutting down security settings may trigger an infection from an app that's already on your device.

Malicious ads seen elsewhere

This isn't the first time Svpeng has been in the news, or that ads have been the vehicle for malware. In 2014, Bank Info Security contributor Tracy Kitten reported an earlier instance of Svpeng, which took the form of ransomware that conducted targeted attacks on financial institutions in Europe. SC Magazine senior reporter Adam Greenberg noted that the alleged creator of this malware was arrested in Russia in 2015, but Svpeng's recent resurgence shows how resilient malware can be.

In addition, Forbes found in late 2015 that a small portion of its ads were serving malware to unsuspecting readers of the site. The organization was able to discover and shut down all of the offending ads, but not before they inflicted damage over a span of around seven days. The ads were launched on only eight pages, most of which contained older stories. This incident is indicative of how trivial malware and adware can be and yet still cause worry for the targeted organizations.

Previous woes: PayPal, GozNym

This isn't the first time banking malware has been in the news. Trend Micro researchers also discovered a strain of Android malware hiding behind the mask of a PayPal app update in late 2015. Spam emails were sent to German users requesting they download an important PayPal upgrade to their phones, with the links in the emails leading to a mobile banking trojan that targeted financial institutions.

The list of banking malware goes on. One of the most well-known culprits of the banking malware family is the GozNym malware discovered earlier this year. According to Fortune contributor Clay Dillow, the malicious program had stolen nearly $4 million from Canadian and U.S. banks at the beginning of April. It is a combination of two previously potent malware strains, Nymaim and Gozi, which came together to form a two-headed program when Nymaim began to download the Gozi trojan to infect banking systems.

This malware wormed its way into banking systems by using a tried-and-true method: phishing.

"The most common infection method we observed used with GozNym is a three-step process that begins with phishing emails containing poisoned Word documents," Security Intelligence contributor Lior Keshet wrote. "In the campaigns studied by X-Force researchers, malicious macros in the documents executed a Pony Stealer malware variant, which in turn downloaded and executed the GozNym installer/loader."

These are only a few examples of banking malware lurking on websites and looking to infect mobile devices, as well as hardwired computers on company networks. In a world where banking trojans masquerade as legitimate applications on the app store, organizations and consumers need to remain diligent. Investing in effective cyber security software is one way to ensure their personal banking information stays out of the hands of hackers and their money remains safe.
