According to Security Researcher Daniel Cohen, the iBanking mobile bot is a relative all new to the mobile malware arena, and has been available for sale in the Underground Hacking Marketplace [Forum Link] since late last year for $5,000.
“We first saw the iBanking malware was distributed through HTML injection attacks on banking sites, social engineering victims into downloading a so called ‘security app’ for their Android devices,” said the RSA researchers in a blog post.
In addition, with the iBanking malware, Computer malware is used to defeat the mobile-based security mechanisms used by the banking sites.
“Apart from the server-side source-code, the leaked files also include a builder that can un-pack the existing iBanking APK file and re-pack it with different configurations, essentially providing fraudsters with the means to create their own unique application,” added Daniel Cohen.
In addition to SMS Sniffing, the iBanking app allows an attacker to redirect calls to any pre-defined phone number, capture audio using the device’s microphone and steal other confidential data like call history log and the phone book contacts.
During the installation process, the malicious app attempts to Social Engineer the user into providing it with administrative rights, making its removal much more difficult.
“The malware is an example of the ongoing developments in the mobile malware space and we are now seeing the next generation of malicious apps being developed and commercialized in the underground, boasting web-based control panels and packing more data-stealing features,” said Daniel and added that
“The malware’s ability to capture SMS messages and audio recordings, as well as divert voice calls makes step-up authentication all the more challenging as fraudsters gain more control over the OOB device. This highlights the need for stronger authentication solutions capable of validating users’ identities using multiple factors including biometric solutions.”
These Days, the malware apps are particularly dangerous as they are often designed to look as authentic as possible and one in five mobile threats are now bots, which is a sign that the complexity of Mobile Malware is increasing.