Mobile Bank Trojan

Short bio

With mobile devices and SMS messaging becoming more mainstream, banks looked to capitalize and offer customers a way to access accounts and authenticate transactions.

History

Bank Trojans go back to when mobile phones were first capable of sending SMS and accessing the Internet. Two big players in banking malware on the PC side, Zeus and SpyEye, had big success targeting Symbian and eventually made their way onto Android (Zitmo/Spitmo). Eventually other players took advantage of Android’s popularity and openness to distribute banking Trojans, with many targeting the Korean banking market.

Common infection method

Infected and fake bank apps are distributed through third-party app stores and SMS links. Using man-in-the-middle techniques, they look to capture SMS and Internet traffic to steal account credentials and authentication codes.

Associated families

  • Trojan.Bank.Marcher
  • Trojan.Bank.Perkel
  • Trojan.Bank.Wroba
  • Trojan.Bankun
  • Trojan.Spy.FakeBank
  • Trojan.Spy.FakeKRBank
  • Trojan.Spitmo
  • Trojan.Zitmo

Remediation

These apps can be uninstalled using the mobile device's uninstall functionality. The tricky part is identifying the offending behavior and app. That is where anti-malware software can help by identifying and removing these apps.

Aftermath

Victims of these malicious apps can expect to see their bank accounts and credentials compromised.

Avoidance

Stick to trusted sources for mobile apps and avoid any third-party apps requesting banking information. Use only trusted apps your bank distributes and endorses.
