Recent news reports have raised concerns about the Trojan “Svpeng” putting U.S. mobile banking users at risk. After reviewing the available information about the Svpeng Trojan’s spread in the USA, we do not believe that our members are being targeted. However, we felt that it was important to share this information about mobile banking security. The U.S. version of this trojan has acted as ransomware, locking devices it infects under the pretext of supposed criminal activity by the user (see http://www.securelist.com/en/images/vlweblog/unuchek_svpeng_us_04.png for an example) and demanding money via Green Dot MoneyPak cards in exchange for unlocking the device (note: we do not recommend users send money to anyone in an attempt to unlock an infected device). Once infected, removing the virus can be accomplished only by fully erasing the device, but users can minimize the risk of data loss by backing up their device regularly.
Kaspersky Lab reports that the Russian version of this Trojan is able to phish for online/mobile banking credentials by mimicking the login screen of certain Russian mobile banking apps, as well as phishing for credit card information by mimicking screens from the Google Play store. However, in US variations, “for now, this piece of malware, allegedly of Russian origin, does not steal credentials.” (Source: http://www.kaspersky.com/about/news/virus/2014/Kaspersky-Lab-detects-mobile-Trojan-Svpeng-Financial-malware-with-ransomware-capabilities-now-targeting-US-users, see also http://www.securelist.com/en/blog/8227/Latest_version_of_Svpeng_targets_users_in_US)
Security analysts also have found that the virus is potentially targeting customers of large banks in the US for its future phishing attacks. No credit unions are reported as targets by security analysts at this time. This virus can infect Android devices only, so members using iOS devices or other systems (Blackberry, Windows Phone, etc.) are not currently at risk for this attack. However, all mobile phone users should be security conscious and make sure to protect their devices.
Tips to prevent infection:
- Users should never install an app unless they specifically tried to install it themselves directly from the Google Play store, and should be especially cautious about installing apps based on links in emails, SMS messages, etc. Even if an app looks like a commonly used program, it could be a digital wolf-in-sheep's-clothing. If a user is prompted to install an app, it is generally recommended that they don’t immediately install, but instead look up the app on Google Play, download it there, and then continue.
- The Google Play store (while not perfectly secure) is the safest place to download Android apps from and the only place where our clients’ mobile banking apps are officially offered to Android users (Note: in some cases we have worked with clients to offer a Kindle Fire app with Amazon, which is the only exception to this rule). Alternative app stores do not necessarily have the security standards used by Google and there have been incidents in other countries where an malware-infected version of a mobile app was put on alternative app stores and downloaded by unsuspecting users.
- It is especially important that the average Android user should never allow an app to activate "device administrator" (see http://www.securelist.com/en/images/vlweblog/mobile_phishing_7.png) - this can allow almost free reign to any app that requests it. Note how this screenshot shows the admin-requesting Trojan pretending to be the Adobe Flash Player, an example of how any app from an unknown source can potentially be a threat.
- Users should back up their devices regularly so that in the event of infection, they will not lose all of their data.
- Mobile security software is available for mobile devices and may help protect users. Access Softek does not have a specific recommendation regarding these products.
http://www.securelist.com/en/blog/8227/Latest_version_of_Svpeng_targets_users_in_US
http://www.securelist.com/en/blog/8138/The_Android_Trojan_Svpeng_now_capable_of_mobile_phishing
http://threatpost.com/android-banking-trojan-svpeng-goes-phishing
http://www.kaspersky.com/about/news/virus/2014/Kaspersky-Lab-detects-mobile-Trojan-Svpeng-Financial-malware-with-ransomware-capabilities-now-targeting-US-users
Posts
No comments:
Post a Comment