09.13.13

‘Bancos’ goes mobile

A new ‘Bancos’-style threat is trying to capture your online banking login details and steal your money.

The threat is a Trojan that currently targets online banking users in Europe and Asia with very convincing campaigns that pose as official organizations. The malware lures victims into installing and running it on their computer, and then gains access to their bank account.

So far, hundreds of infections have been observed in Turkey, the Czech Republic, the United Kingdom and Portugal. The malware is considered powerful and sophisticated. It spreads through phishing e-mail and also attempts to infect mobile devices running the Android, Symbian and BlackBerry operating systems.

The Trojan's goal is to obtain users' login information for their online banking services, and it uses known techniques to do so: recording the user's keystrokes (keylogging), taking screenshots and even capturing video of the computer screen. The ultimate goal, of course, is to steal the victims' money through online access to their bank accounts. Although it behaves very much like other known threats such as Zeus and SpyEye, which share the same capabilities and goals, it is not a new variant of these older threats but an entirely new piece of malware.

Moreover, although the threat has infected only a few hundred computers, particularly in Turkey, Portugal, the Czech Republic and the United Kingdom, it could easily become a global-scale threat in a short time. Much as legitimate software goes through beta versions, hackers often do a sort of “dry run” with their viruses before releasing them on a larger scale, and we believe that was the hackers' intention in this case.

In addition to obtaining the victims' bank login information and infecting the PC, the hackers in this case are also trying to get victims to install malware on their smartphones. The mobile platforms at risk are Android, Symbian and BlackBerry.

After the victim's computer is infected by the Trojan, a web page that looks like the bank's site asks the user to enter their phone number and the type of their mobile device. A text message is then sent to the device with a link to the malware application which, if installed, can collect information from the device and bypass the two-factor authentication mechanism of the real bank service.

The hackers spread the threat through high-quality phishing messages that pose as messages from an official source and look reliable. The threat first appeared last month in the Czech Republic, in e-mail impersonating the country's postal service. A link in the message led to a website that was almost identical to the real one.