Beware This Trojan Virus That Infects Your Smartphone and Hacks Your Bank Accounts

[Lee J <lee () riskbasedsecurity com>]

http://www.mainstreet.com/article/smart-spending/technology/beware-trojan-virustbhat-infects-your-smartphone-and-hacks-your-ba


NEW YORK (MainStreet <http://www.mainstreet.com/>) — A new threat to
banking security is spreading across the globe, and security experts
believe it could infect the U.S. financial system soon. ESET, a digital
security firm, has discovered a new and sophisticated hidden virus, known
to tech experts as a "Trojan," targeting online banking users in Europe and
Asia. The hidden "and very potent" banking malware, dubbed Hesperbot, is
spreading through email, attempting to hack mobile devices.

Infections have been detected in Turkey, the Czech Republic, the United
Kingdom and Portugal. The firm reports that "several victims have already
been robbed of financial assets."

"Analysis of the threat revealed that we were dealing with a banking
Trojan, with similar functionality and identical goals to the infamous Zeus
and SpyEye," said Robert Lipovsky, ESET malware researcher. "But
significant implementation differences indicated that this is a new malware
family, not a variant of a previously known Trojan."

The malware attempts to obtain login credentials by sending emails that
seem to originate from credible organizations. Once the virus has obtained
access to the victim's bank account it attempts to install a mobile
component of the malware on the smartphone.

The Czech malware attack began in August, impersonating the Czech Postal
Service.

"It's probably not surprising that the attackers tried to lure potential
victims to open the malware by sending phish-like emails resembling parcel
tracking information from the Postal Service," said Lipovsky. "This
technique has been used many times before."

[...]

_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 

Supporters:

# OWASP http://www.appsecusa.org
# Builders, Breakers and Defenders
# Time Square, NYC 20-21 Nov
o()xxxx[{::::::::::::::::::::::::::::::::::::::::>

Risk Based Security (http://www.riskbasedsecurity.com/)
Risk Based Security offers security intelligence, risk management services and customized security solutions. The 
YourCISO portal gives decision makers access to tools for evaluating their security posture and prioritizing risk 
mitigation strategies. Cyber Risk Analytics offers actionable threat information and breach analysis.