Kaspersky Lab detects rise of mobile banking trojan Asacub

Kaspersky Lab has reported a large-scale distribution campaign of the mobile banking trojan Asacub, which is taking victims around the world. According to the Kaspersky Lab experts, the number of users being hit by Asacub has risen to 40,000 daily.

Asacub is primarily aimed at Russian users, since the cybercriminals specifically target clients of a major Russian bank, but it has also hit users from Ukraine, Turkey, Germany, Belarus, Poland, Armenia, Kazakhstan, the US and other countries.

The activity of Asacub mobile banker was first detected in 2015. Over the years it has evolved and its creators have conducted a large campaign for its dissemination. So much so that, over the past year, Asacub has held the leading position (38%) among all mobile banking trojans.

The reason behind Asacub’s continued sustainability lies in the fact that the domains of its command server change and there are disposable phishing links for downloading the trojan.

The earlier modifications of Asacub were closer to spyware than banking malware: they could steal all incoming SMS messages, regardless of the sender, and upload them to the intruders’ server. The functionality of the latest Asacub modifications, discovered in September 2015 and later, helped intruders get remote control of infected devices and steal banking data.

Asacub works as follows: the trojan is distributed through phishing SMS messages which invite victims to look at a photo or MMS message. If, in their device settings, the victim has pre-set their device to allow installations from unknown sources, Asacub is able to install itself on the victim’s device as the default SMS application.

This means that when a new SMS message arrives, it can transmit the sender’s number and message text to the intruders’ command server. Thus, Asacub can withdraw funds from a bank card attached to the phone by sending SMS messages for transferring funds to another card or phone number, as well as intercepting SMS messages from a bank with one-time passwords.

“The example of the Asacub trojan shows us that mobile malware can function for several years with minimal changes in its distribution pattern. One of the main reasons for this is that the human factor can be leveraged through social engineering: SMS messages look like they are meant for a certain user so victims unconsciously click on fraudulent links,” said Tatyana Shishkova, Malware Analyst, Kaspersky Lab. “In addition, with a regular change of domains from which the trojan is distributed, catching it requires heuristic methods of detection.”

To ensure you don’t get caught out by mobile banking malware, Kaspersky Lab recommends following these simple rules:
• Download applications only from official resources
• If possible, disable the installation of applications from third-party sources in your smartphone settings
• Do not click on suspicious links from unknown senders
• Install a reliable security solution to protect your mobile device

www.intelligentciso.com | Issue 06 | 61