Banking Trojan targets Android phones

Read time 1min 40sec
The iBanking Trojan could be used in conjunction with other malware to inject code into a Web page, according to ESET.
The iBanking Trojan could be used in conjunction with other malware to inject code into a Web page, according to ESET.

Anti-virus vendor ESET has discovered a banking Trojan that targets Facebook users, in an attempt to gain access to their online banking details.

The iBanking app lures unsuspecting users into installing a fake Facebook app, and then asks for a phone number in order to intercept messages, including authentications from banks.

According to Lee Bristow, security consultant at ESET Southern Africa, the "extremely invasive" bot allows hackers to listen to calls and intercept SMS messages.

"The message displayed is full of spelling mistakes and bad grammar, and this should be a warning sign to anyone thinking of continuing any further and entering their telephone number," says ESET in a statement.

Bristow says the threat was discovered while ESET was tracking Trojan Win32/Qadars - described by the Windows Malware Protection Centre as "a malicious program that is unable to spread of its own accord". The Win32/Qadars Trojan is able to perform whatever actions an attacker desires.

Losing trust

Beza Belayneh, CEO of the South African Centre for Information Security, says such Trojans show how users are constantly faced with "rapidly evolving and sophisticated cyber threats".

ITWeb Security Summit 2014

The tailored tracks at the ITWeb Security Summit 2014 cover a wide range of topics, empowering information security professionals to select sessions of particular relevance to their roles within the enterprise. ITWeb Security Summit 2014 takes place from 27 to 29 May at the Sandton Convention Centre. Book your spot now.

According to Belayneh, users with increased cyber security resilience will help rebuild trust in the Internet, which he says is being constantly eroded with the emergence of new hacking strategies.

ESET notes iBanking can be used in conjunction with any malware able to inject code into a Web page. "It could be reused by other, more mainstream banking Trojans in the future," adds Bristow.

Bristow notes the "Web inject configuration file and the iBanking Android application can be bought in underground forums".

Login with