New Delhi, India, July 12, 2014: eScan, one of the leading Anti-Virus and Content Security Solution providers, alerts online banking users about the latest HijackRAT and Emotet malware, which pose a threat to online banking customers by stealing their sensitive information.
Recently, researchers have discovered a new Android malware named HijackRAT, which is capable of stealing personal information such as banking credentials and login details of infected users. It also allows hackers to easily gain remote access to the infected device. HijackRAT gets onto a user’s device through a malicious app called Google Service Framework, which is said to be the most advanced malware application ever discovered.
The Google Service Framework application apparently steals data, sends SMS messages to the user’s contact list, and initiates malicious app updates. This application searches for genuine banking apps installed on the victim’s device and replaces them with malicious ones. According to the researchers, cyber-criminals have designed a framework to conduct bank hijacking through this application. Currently, this app is being used to target customers of Korean banks, but cyber-criminals could quickly and conveniently use it to target other financial institutions too.
According to researchers, the package name of this new RAT malware is ‘com.ll’ and it appears as Google Service Framework with the default Android icon. Researchers say that this is a work-in-progress app and that they do not yet know what the replaced fake banking apps will do.
Apart from Android banking malware, there is a new banking malware named Emotet, which is being distributed through spam emails. The hackers try to trick customers into believing that the email is a legitimate shipping invoice sent by the bank. These spam emails are basically related to money transfers or shipping invoices. Each email contains an embedded link that, when clicked, installs the Emotet malware onto the user’s computer. The Emotet malware also downloads a .DLL file that is responsible for network sniffing activities.
Emotet comes with a list of various banking URLs, mostly found to be owned by German banks. If a user infected with Emotet visits any of the listed URLs, Emotet immediately records all the information that is transferred between the user and that website. Research indicates that Emotet can also steal personal data of the user from HTTPS banking websites protected by TLS encryption. The research also states that this malware has been specifically designed to target customers of various German banks, but that hackers will come up with variants that target North American and Asian banks as well.
eScan offers a few important suggestions to online banking customers on how to avoid getting infected with such banking malware:
- Use reliable Anti-Virus software and set the security settings of your computer to a higher level.
- Never click on any link mentioned within unsolicited emails.
- Be cautious and avoid providing personal data such as credit card details, bank account numbers or passwords to any unknown or fake site.
- Pay close attention to the URL (Internet address) mentioned in the link.
- Never disclose your login credentials to other people or companies.
- Don’t use the same ID and PIN/Password for every online account you have.
- Avoid clicking on any pop-up that appears, especially pop-ups which are displayed on an unknown website.
- Beware of websites that automatically download malware onto your system. To mitigate such attacks, the presence of an Antivirus is a must.