This time hackers are planning to affect millions of Facebook users with the use of the Trojan named “Qadars”. When a system is infected with Qadars Trojan, user of that system will be shown a message when logging into banking sites or Facebook “This site requires a new extra safety protection system”, asking users to download and install malicious Android app- iBanking that can defeat mobile-based security.
These man-in-the-middle attacks are known as webinjects, which are used to collect log-in credentials and other sensitive financial information from users.
How does it happen?
PC malware which may already be present in the user’s computer can pose a threat when browsing banking or social networking sites. To deal with this issue, many banks and social networking sites implementing two-factor authentication systems in which a unique one-time-use code is sent to the users registered phone numbers via SMS. Therefore, attackers have developed a mobile malware called iBanking as an answer to two-factor authentication systems. iBanking, along with PC malware is designed to defeat mobile-based security mechanisms used by banking and social networking sites.
However, when the user is logging into Facebook, Qadars Trojan-which the users system may be already affected with, asks users to download and install malicious Android app- iBanking. Once installed on an Android phone, iBanking starts tracking incoming and outgoing text messages, which includes stealing authentication codes sent to users Android phone via SMS. It can also track audio SMSs, steal the call history log and even the phone book. Apparently, this app may primarily be stealing SMS security codes sent by Facebook and banks for two-factor authentication.
Moreover, this malware links to a command-and-control server that allows hackers to issue commands to each infected device. With this, it’s not only acting as a Trojan app, but also as a botnet client.
The researchers at RSA said, “This highlights the need for stronger authentication solutions capable of validating users’ identities using multiple factors including biometric solutions.”
What should I do as a user to protect myself from such attacks?
- Apply all software updates and effective antivirus software for your mobile and PC.
- Enable firewall in your computer system to ensure you are secure on local networks and the Internet.
- Before installing any program or software conduct a background check on various forums via search engines to understand the problems faced by the customers of the site in question.
- Do not download any application in Android from untrusted source.
- Do not install mobile apps before understanding the “Access Rights” required by it.
- Do not respond to SMSs or automated voice messages from unknown numbers on your smartphone.
- Never click on links sent through SMS. Type the URL directly in the address bar to see if it’s legitimate.
Update your system with the latest antivirus software such as eScan that provides enhanced protection against evolving internet threats. To see if your system is infected or not, use the free eScan tool kit from here https://www.escanav.com/english/content/products/MWAV/escan_mwav.asp
Moreover, to protect your android mobile from malware and other security threats use eScan Mobile Security for Android: https://www.escanav.com/english/content/products/escan_mobile/escan_mobile1.asp
