Online Banking Customers Targeted by New Malware

A new malware named HijackRAT is targeting online banking customers. It infects devices through a malicious app.

Banking portals are a hundred percent secure. The moment they suspect unusual activity, they instantly block any attempt to log in or make a transaction. Such blocking is often a big hassle for the customer, but it is the bank’s way of securing its customers and their money. Still, it is the responsibility of the banking customer to adopt security precautions on their own devices (mobile, tablet, PC) before using them for any online banking transactions. A device without genuine anti-virus and internet security software, and laden with malware, always increases the risk to the user’s information and online bank account.


Android Malware HijackRAT

Recently, researchers discovered a new Android malware named HijackRAT, which is capable of stealing personal information such as the banking credentials and login details of infected users. It also allows hackers to easily gain remote access to the infected device. HijackRAT gets onto a user’s device through a malicious app called Google Service Framework, which is said to be the most advanced malware application ever discovered.

The Google Service Framework application apparently steals data, sends SMS messages to the user’s contact list, and initiates malicious app updates. It searches for genuine banking apps installed on the victim’s device and replaces them with malicious ones. According to the researchers, cyber-criminals have designed a framework to conduct bank hijacking through this application. Currently, the app is being used to target customers of Korean banks, but cyber-criminals could quickly and conveniently use it to target other financial institutions too.

According to the researchers, the package name of this new RAT malware is ‘com.ll’, and it appears as Google Service Framework with the default Android icon. The researchers say that the app is a work in progress and that they do not know what the replacement fake banking apps will do.
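A defender's check built on the two indicators above, as an added example that is not from the researchers or from eScan: it reviews an app inventory for the reported package name and for any app that uses the framework's label under a different package. The inventory rows are constructed sample data, and the genuine package name `com.google.android.gsf` is an assumption taken from stock Android, not from this page.

```python
import re

# Indicator reported on this page for HijackRAT.
REPORTED_PACKAGE = "com.ll"
# Assumption (stock Android, not from this page): the genuine framework package.
GENUINE_GSF_PACKAGE = "com.google.android.gsf"
# Matches "Google Service Framework" / "Google Services Framework",
# ignoring case and spacing differences.
GSF_LABEL = re.compile(r"^google\s*services?\s*framework$", re.IGNORECASE)


def review_app(package, label):
    """Return the reasons this app deserves a closer look (empty list if none)."""
    reasons = []
    if package == REPORTED_PACKAGE:
        reasons.append("package name matches the reported HijackRAT package")
    if GSF_LABEL.match(label.strip()) and package != GENUINE_GSF_PACKAGE:
        reasons.append("framework label used by a non-framework package")
    return reasons


def review_inventory(rows):
    """rows: iterable of (package, label). Returns {package: [reasons]}."""
    flagged = {}
    for package, label in rows:
        reasons = review_app(package, label)
        if reasons:
            flagged[package] = reasons
    return flagged


# Constructed sample inventory, e.g. as exported from a device-management console.
SAMPLE_INVENTORY = [
    ("com.google.android.gsf", "Google Services Framework"),
    ("com.ll", "Google Service Framework"),
    ("com.example.notes", "Notes"),
    ("org.example.updater", "google  services framework"),
]

if __name__ == "__main__":
    for pkg, why in review_inventory(SAMPLE_INVENTORY).items():
        print(pkg, "->", "; ".join(why))
```

The label rule matters because a renamed build would no longer match `com.ll` but would still have to imitate the framework's name to look harmless.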

Apart from the Android banking malware, there is a new banking malware named Emotet, which is being distributed through spam emails. The hackers try to trick customers into believing that the email is a legitimate shipping invoice sent by the bank. These spam emails are basically related to money transfers or shipping invoices. Each contains an embedded link which, when clicked, installs the Emotet malware onto the user’s computer. The Emotet malware also downloads a .DLL file that is responsible for network sniffing activities.

Emotet comes with a list of banking URLs, most of which were found to belong to German banks. If a user infected with Emotet visits any of the listed URLs, Emotet immediately records all the information that is transferred between the user and that website. Research indicates that Emotet can also steal the user’s personal data from HTTPS banking websites protected by TLS encryption. It also states that this malware has been specifically designed to target customers of various German banks, but that hackers will also come up with variants that target North American and Asian banks.

Tips for online banking customers on how not to get infected with such banking malware

  1. Use reliable anti-virus software and keep the security settings of your computer at a higher level.
  2. Never click on any link in an unsolicited email.
  3. Be cautious and avoid providing personal data such as credit card details, bank account numbers or passwords to any unknown or fake site.
  4. Pay close attention to the URL (Internet address) in the link. This means you must look not only for the secure (lock) symbol, but also at the spelling used in the link. In one case, a malicious spam campaign on Twitter used a URL spelled ‘Twietter’ for a page that was an exact copy of Twitter’s authorisation page.
  5. Never disclose your login credentials to other people or companies.
  6. Don’t use the same ID and PIN/password for every online account you have.
  7. Avoid clicking on any pop-up that appears, especially pop-ups displayed on an unknown website.
  8. Certain websites automatically download malware onto your system; beware of such websites. To mitigate such attacks, having antivirus software is a must.
  9. If your bank blocks your login attempt, see it as a necessary precautionary step taken by your bank. You may have the hassle of visiting your bank branch to unblock your account, but see it as a necessary intervention by your bank. When at the bank, ask them what exactly caused the blocking. This will help you avoid e-commerce sites that behave suspiciously.
  10. If everything is taken care of, then use your online banking account confidently. This means: do not fiddle. Online banking is a great convenience, which you must not doubt because of what an ignorant friend tells you.
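The spelling check from tip 4 can be automated. The following is an added example, not part of the original article: it compares a link's host against the sites a user actually logs in to and flags near-miss spellings such as the ‘Twietter’ case. The trusted list, the sample hostnames and the distance threshold of 2 are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Assumption: the hosts this user really logs in to (constructed list).
TRUSTED_HOSTS = ["twitter.com", "bank.example"]


def edit_distance(a, b):
    """Levenshtein distance: inserts, deletes and substitutions to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete a character
                           cur[j - 1] + 1,             # insert a character
                           prev[j - 1] + (ca != cb)))  # substitute (free if equal)
        prev = cur
    return prev[-1]


def classify_link(url, trusted=TRUSTED_HOSTS, max_distance=2):
    """Return (verdict, matched_host); verdict is 'trusted', 'insecure',
    'lookalike' or 'unknown'."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".")
    if host.startswith("www."):
        host = host[4:]
    if not host:
        return ("unknown", None)
    for good in trusted:
        # Exact host or a real subdomain of it; the lock symbol requires HTTPS.
        if host == good or host.endswith("." + good):
            return ("trusted" if parts.scheme == "https" else "insecure", good)
    for good in trusted:
        # A trusted name buried in a longer host, or a near-miss spelling.
        if good in host or edit_distance(host, good) <= max_distance:
            return ("lookalike", good)
    return ("unknown", None)


if __name__ == "__main__":
    # Constructed sample links.
    for link in ["https://twitter.com/oauth/authorize",
                 "https://twietter.com/oauth/authorize",
                 "https://twitter.com.login.example/"]:
        print(link, "->", classify_link(link))
```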

To safeguard your Android-based smartphone, eScan provides a range of security solutions for Android:

Download link for eScan Mobile Security for Android:   

Download link for eScan Tablet Security for Android: