Author Topic: Android/FakeToken 2.0 Goes Back to Basics  (Read 644 times)


Pez

« on: 31. October 2012., 15:44:40 »
Android/FakeToken 2.0 Goes Back to Basics
 
In March a new type of financial attack on Android devices was found targeting customers of several banks in Europe. Dubbed FakeToken, one of the principal differences of this new threat–compared with previous Trojan bankers for Android such as Zitmo/Spitmo–was the fact that both authentication factors (Internet password and mTAN) were stolen directly from the mobile device. In this case the cybercriminals had no need to first infect PCs to steal bank account passwords.

Recently a new version of this malware was found being distributed through phishing emails pretending to be sent by the targeted bank. According to an alert published by the affected bank, the malware attack simulates the real Internet banking site by asking for confidential information like personal email and phone number. This information is used to initiate the mobile attack.

Another technique used to distribute this malware includes injecting web pages from infected computers, simulating a fake security app that presumably avoids the interception of SMS messages by generating a unique digital certificate based on the phone number of the device. The fake web page provides a URL that is intended to be entered into the mobile browser, prompting the user to download/install the malware on the mobile device.

Finally, a third version injects a phishing web page that redirects users to a website pretending to be a security vendor that offers the “eBanking SMS Guard” as protection against “SMS message interception and mobile Phone SIM card cloning.”

Once the application is downloaded and the user tries to install it, the malware requests almost the same permissions as the first version, but the application doesn’t access the contact list. This change was likely made to avoid raising suspicions.



Another difference between the two versions is the name that the malware authors used for the malicious application. Instead of naming it “TokenGenerator,” the new version gives the look and feel of security software for protecting SMS messages received by the customer.



When the user executes the application, the malware shows a WebView component displaying an HTML/JavaScript web page that pretends to be an mToken app and not the “SMS Guard” used in the name. Instead of asking the user to enter the first factor of authentication this version shows just the fake mToken, which suspiciously never changes.



At the same time, the malware sends to a specific number an SMS message with the device identifier (IMEI) of the affected device. The same identifier, along with others like the IMSI and phone number, is also sent to a remote server to register the infected device in the control server of the attacker. From this point, all SMS content received by the infected device is sent to a remote server and to the phone number specified in the configuration file inside the original APK file.

Taking into account this new version of FakeToken and the recent version of Zitmo, it’s clear that Android Trojan bankers are becoming more prevalent. This is partially due to the increased adoption of mobile banking as well as the constant evolution of cybercriminal methods. By targeting different financial entities and changing their methods, cybercriminal attacks appear more credible (by removing excess functions) to victims and more effective in getting mTANs by intercepting all the SMS messages received by the affected user.

McAfee Mobile Security detects this threat as Android/FakeToken.B and alerts mobile users if it is present on their devices, while protecting them from any data loss. For more information about McAfee Mobile Security, visit https://www.mcafeemobilesecurity.com.

Original Article: Tuesday, October 30, 2012 at 10:50am by Carlos Castillo
There are two easy ways to configure a system!
Everything open and everything closed.
Everything else is more or less complex.

Start Turfing ! http://scforum.info/index.php/topic,8405.msg21475.html#msg21475
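
An added triage example, not part of the original post or of McAfee's analysis: it checks a decoded AndroidManifest.xml for the combination of capabilities the article describes (incoming SMS read, SMS sent, IMEI/IMSI/phone number read, remote server contacted) without relying on contact-list access, which the newer version drops. The permission names are the standard Android ones assumed to correspond to those behaviours, the manifest is constructed, and a match is a reason for manual review rather than a verdict, since legitimate messaging apps can request the same set.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"
SMS_RECEIVED = "android.provider.Telephony.SMS_RECEIVED"

# Assumed mapping: behaviour described in the article -> standard Android
# permission it requires. The article does not list the sample's manifest.
BEHAVIOURS = {
    "android.permission.RECEIVE_SMS": "reads incoming SMS (mTAN)",
    "android.permission.SEND_SMS": "sends SMS (IMEI message, forwarding)",
    "android.permission.READ_PHONE_STATE": "reads IMEI, IMSI, phone number",
    "android.permission.INTERNET": "contacts a remote server",
}

# Constructed manifest for illustration; not extracted from a real sample.
SAMPLE_MANIFEST = """<manifest
    xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.smsguard">
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <application android:label="SMS Guard">
    <receiver android:name=".SmsReceiver">
      <intent-filter>
        <action android:name="android.provider.Telephony.SMS_RECEIVED"/>
      </intent-filter>
    </receiver>
  </application>
</manifest>"""


def triage_manifest(xml_text):
    """Return the SMS-forwarding indicators found in a decoded manifest."""
    root = ET.fromstring(xml_text)
    perms = {p.get(ANDROID + "name") for p in root.iter("uses-permission")}
    matched = sorted(p for p in BEHAVIOURS if p in perms)
    # Receivers registered for SMS_RECEIVED are handed every incoming message.
    receivers = [
        rcv.get(ANDROID + "name")
        for rcv in root.iter("receiver")
        if any(a.get(ANDROID + "name") == SMS_RECEIVED for a in rcv.iter("action"))
    ]
    return {
        "matched": matched,
        "sms_receivers": receivers,
        "reads_contacts": "android.permission.READ_CONTACTS" in perms,
        "needs_review": len(matched) == len(BEHAVIOURS) and bool(receivers),
    }
```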

Samker's Computer Forum - SCforum.info
