Banking malware is being installed on Android devices via malicious links in SMS messages, CRN reports. Cisco Talos discovered the malware being advertised on an exploit forum, and found that it was being used to target Australian financial organizations.
The malware contained 189 logos belonging to banks and cryptocurrency exchanges. When a victim clicks on a malicious link and installs the malware, it presents a realistic-looking overlay imitating the login page of one of these organizations, chosen according to which apps are already installed on the phone. Users who fall for this trick will have their credentials stolen.
Since the malware has access to users’ text messages, it can bypass SMS-based two-factor authentication to break into victims’ bank accounts. It also accesses the victim’s address book and sends malicious links to several of their contacts from the victim’s phone. Additionally, the malware has sophisticated anti-analysis and persistence capabilities, making it harder to detect and remove.
While this particular campaign was focused on Australian companies, the researchers noted that the malware allows operators to filter organizations by country, and in this case, the “AU” code was selected. This indicates that the malware can easily target other nations as well.
This scam requires several actions on the part of the user in order to succeed. New-school security awareness training can teach your employees to avoid clicking on unsolicited links at all costs, even if they appear to come from a friend.