More than 100 million individuals use mobile banking apps in North America. Given their primitive security capabilities, that describes a material attack surface.
Mobile Trojan Svpeng was identified stealing mobile banking credentials almost a year ago by Kaspersky Lab.
The malware has continued to evolve since then, and since the start of this month it has been circulating as classic ransomware attacking Android-based mobile devices.
Initially it looks for banking applications from USAA, Citigroup, American Express, Wells Fargo, Bank of America, TD Bank, JPMorgan Chase, BB&T and Regions Bank, and when it finds one or more, it forwards that information to a server under the cybercriminals’ control.
It imitates a scan of the phone and announces that it has found some prohibited content.
The malware then blocks the phone and demands a payment of $200 to unblock it.
It also displays a photo of the user taken by the phone’s front camera.
Finally, the creators of the Trojan provide detailed directions for paying the ransom using ‘Green Dot’ MoneyPak vouchers.
Expect this model to continue evolving. The team behind it understands how to get their malware onto individuals’ mobile devices, how to collect user credentials, and how to target mobile banking customers, and it appears to be in the process of building a database of endpoints and individuals that use specific banking apps. It does not require much creativity to picture a business model where this information is sold to other hostile parties in an online datamart, with crime, theft, & harm to follow…
This is another reason to enhance and actively manage the quality of your anti-fraud processes, algorithms, and infrastructure.
“Latest version of Svpeng targets users in US.”
Roman Unuchek, June 11, 2014
“Kaspersky Lab detects mobile Trojan Svpeng: Financial malware with ransomware capabilities now targeting U.S. users”
June 11, 2014
“First Major Mobile Banking Security Threat Hits the U.S.”
By Penny Crosman, June 13, 2014