26 March 2012

Android malware steals banking credentials

Security researchers at McAfee have discovered a malicious Android application capable of grabbing banking passwords from a mobile device without infecting the user's computer........
The latest piece of Android malware, dubbed FakeToken, contains man-in-the-middle functionality to hijack two-factor authentication tokens and can be remotely controlled to grab the initial banking password directly from the infected mobile device...............
When the application is installed, the malware even goes so far as to mimic the targeted bank's logo and colour scheme, adding a certain credibility to the scheme, and making it hard for users to distinguish between the legitimate and malicious applications.
The original file that contains the malware also includes a list of the control servers that the malware can connect to, as well as a mobile number that the data from the compromised phone can be sent to via SMS, Threat Post notes.
The malware also creates a service that listens for commands from the control server. The commands can include installing a new list of control servers or requesting that the malware gather and send all of the contacts from the compromised phone................

Solutions : www.xcyss.in

No comments:

Post a Comment