Mobile Malware Hits Bank Customers with Classic Ransom Scam

There is something greater than 100 million individuals using mobile banking apps in North America.  Given their primitive security capabilities, that describes a material attack surface.

Mobile Trojan Svpeng was identified stealing mobile banking credentials almost a year ago by Kaspersky Labs.

The malware has continued to evolve since then and since the start of this month it has been circulating as classic ransomware attacking Android-based mobile devices.

Initially it looks for banking applications from USAA, Citigroup, American Express, Wells Fargo, Bank of America, TD Bank, JPMorgan Chase, BB&T and Regions Bank, and when it finds one or more, it forwards that information to a server under the cybercriminals’ control.

It imitates a scan of the phone and announces that it has found some prohibited content.

The malware then blocks the phone and demands a payment of $200 to unblock it.

It also displays a photo of the user taken by the phone’s front camera.

The creators of the Trojan finally provide detailed directions for paying the ransom payments using ‘Green Dot’ MoneyPak vouchers.

Expect this model to continue evolving.  The team behind it understands how to get their malware out onto individual’s mobile devices, how to collect user credentials, how to target mobile banking customers, and appears to be in the process of building a database of endpoints and individuals that use specific banking apps.  It does not require much creativity to picture a business model where this information is sold to other hostile parties in an on-line datamart — crime, theft, & harm to follow…

This is another reason to enhance and actively manage the quality of your anti-fraud processes, algorithms, and infrastructure.

REFERENCES:

“Latest version of Svpeng targets users in US.”
Roman Unuchek, June 11, 2014
http://www.securelist.com/en/blog/8227/Latest_version_of_Svpeng_targets_users_in_US

“Kaspersky Lab detects mobile Trojan Svpeng: Financial malware with ransomware capabilities now targeting U.S. users”
June 11, 2014
http://www.kaspersky.com/about/news/virus/2014/Kaspersky-Lab-detects-mobile-Trojan-Svpeng-Financial-malware-with-ransomware-capabilities-now-targeting-US-users

“First Major Mobile Banking Security Threat Hits the U.S.”
By Penny Crosman , JUN 13, 2014
http://www.americanbanker.com/issues/179_114/first-major-mobile-banking-security-threat-hits-the-us-1068100-1.html

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: