To give the right tip is often complicated, especially abroad (ten percent fifteen?) And after a few beers. A friendly Android app takes this task and calculates the correct tip, correct, country-specific and late.
In the background, however, the app has a completely different task: it sends all SMS messages and dialed telephone numbers every hour via the Internet to any e-mail address. The text messages can include informal appointments, but also information about extortions or account tans.
It's about money
Mobile TANs, which become the standard for more and more banks, have another pest, the Trojan ZeuS, one of the most dangerous agents of its kind. It not only cracks online banking on the PC (last 3,000 British accounts), but Also affects smartphones with Symbian, Windows Mobile, Blackberry or Android.
Until now, the mobile phone has been a safe side channel to protect online accounts, Zeus now proves the opposite. The attackers initiate the attack via the PC Trojan. This presents the user in the browser a fake bank page, where he is requested beside the account number and password also to enter a cell phone number.
This is necessary to install a security certificate or tool (Trusteer) on the mobile phone. Soon, the customer receives a link to a website via SMS via SMS, via which he is to install certificate updates. This update is an app, which transfers SMS including mTANs to the attacker. This controls all online banking channels.
Zeus in the Mobile (ZitMo) is part of a trend that security experts are currently discovering: the scene is professionalized, it is not just about the academic proof "We can do it!", But it's about money. There are now business models and the deception becomes more sophisticated. ZitMo is not a case study, but a real danger that people have lost and lost money.
Mobile Bots
In addition to online accounts, the attack points are also located in addresses and messages, in the manner of the above-mentioned tip money trojan. Occasionally, the pests also try to spread through the address book by sending themselves by MMS. With Trojans camouflage themselves in nice games, this works well.
Because the receivers get a "cool game" from an acquaintance and install it. He is already infected. As with the Internet Trojans, the mobile bots merge into networks and receive new commands and updates via the control centers.
Security experts estimate that behind the networks are the same criminal forces, as behind the conventional bot networks, the Internet Mafia. The numbers of pests are increasing. In the first half of 2011, G Data SecurityLabs registered an increase of 140 percent compared to the second half of 2010.
And the G-Data experts "expect a further growth spurt in the field of mobile malicious code in the next six months," said the press release.
The plagues allow themselves a long list of rights on the device (which should make the mobile phone owner suspicious during installation) and can actually do everything the user can do: they read addresses, send SMS, cut phone calls, listen to the microphone The space or the device by GPS.
Since 2011, the technical aggressiveness potential has also reached a new level, because the Trojan Droid.dream (or Rootcager) succeeded for the first time that a pest obtains root rights on the smartphone. This allows the tool to reload updates and install additional apps without the phone owner having to agree again. If the first hurdle is taken, the attacker has free play.
No comments:
Post a Comment