Out-Law News 2 min. read
22 Aug 2013, 1:55 pm
In its second quarterly threats report for 2013 (38-page / 2.61MB PDF), McAfee said that hackers are using "banking malware" that allows them to access text messages sent by banks to their customers that ask for extra security details to be entered before giving access to accounts. The malicious software sends hackers a copy of the text messages issued by the banks, it said.
"Banks in Europe and Asia require two-factor authentications via SMS messages," the McAfee report said. "When customers log into their banks, they are sent a mobile transaction authentication number (mTAN) in a text message. Then they must enter the mTAN code to get access to their accounts. This step prevents an attacker who steals only username and password from reaching a victim’s money. Attackers seeking to bypass two-factor authentication need to get that text message sent by the banks."
"Once the attacker has stolen a username and password from a victim’s PC, the thief needs only to get the user to install SMS‑forwarding malware. A pair of malware ... take the standard SMS forwarder malware a step further. Normally we advise users to employ only the official app provided by their banks for any online banking. [One of the specific malware identified by McAfee] counters that defence by replacing the bank’s official app with [other malicious software purporting to be the official app]. While the victims think they have the original app installed, the attacker logs into the users’ accounts to get the latest SMS from the bank," it said.
McAfee said that "banking malware" was the most popular threat, together with 'backdoor Trojans', it had identified in the mobile environment during the period spanning April to June this year. Backdoor Trojans refer to the use of malware computer code to open up systems to unauthorised access and control by hackers.
McAfee said that it had seen 17,000 separate examples of banking malware and backdoor Trojans when analysing the Google Android operating system for mobile during the second quarter and said that the total figures for the year for such attacks across all mobile operating systems "is certain to establish another record".
According to the report, 'phishing' attacks on websites fell during the quarter two period. Phishing of websites refers to the act of setting up a fake website similar to legitimate sites that are designed to trick users into entering details that hackers can gather to steal from them or gain access to important information.
The websites of Barclays, HM Revenue & Customs, HSBC, Lloyds TSB, Natwest and Santander were most targeted for phishing scams in the UK during the quarter two period this year, the report said.
"Companies from the United States are the most frequently targeted, suffering 67% of all [phishing] attacks," the report said. "They are followed by United Kingdom and Australia, with 6% and 3%, respectively. Phishers go after several key industries. The top 5 are finance (with 42% of attacks), online auctions (32%), government, shopping, and services."