Search This Blog

Showing posts with label SMiShing. Show all posts

Android Banking malware spreads via Smishing (SMS phishing)

A new android banking trojan spotted in the wild that replaces the legitimate South-Korean banking android apps spreads via phishing sms attacks, reports McAfee Labs.

South-Korean bank users are being targeted with a fake message that purportedly coming from Financial Services Commission.  The message asks users to install the new anit-malware protection.

Unwitting user who follows the link provided in the sms and installs the app putting himself at risk.  The malware app silently attempts to uninstall the legitimate south-korean banking apps.  However, the malware is able to uninstall the apps only if the device is rooted.

If the device is not rooted, the malware asks users to uninstall the legitimate app and urge them to install another app with the same icon but with suspicious permission request.

The trojan then asks users to enter the banking credentials such as account number, password, Internet banking ID, social security number.  The collected info is later sent to remote server.

"McAfee Mobile Security detects this threat as Android/FakeBankDropper.A and Android/FakeBank.A and alerts mobile users if it is present".

SMiShing: SMS Phishing tricks victims into providing Bank details


SMS phishing attacks(Smishing), increased 913% during the first week of September, making SMS phishing currently the single largest SMS text messaging threat.

According to Cloudmark report, the victims are being scammed with the following text " Fwd:Good Afternoon .Attention Required Call.(xxx)xxxxxxx" . Victims are instructed to call to various phone numbers.

According to the report, there are more than 500 different text message used in the phishing campaign.

If the recipient calls the provided number, an automated message asks for the sensitive credentials that can be used for bank and credit card fraud.

"Victims who fall for the phishing scam and divulge their credentials risk being subjected to bank account theft, credit card fraud, and even outright identity theft."Cloudmark blog post reads. "Stolen information can even be used in social engineering scams to elicit further information from unrelated accounts."

If you suppose get these type of phishing SMS , you can forward the text to short code 7726 to notify your carrier and to facilitate resolution.