If You Use Maybank2U And CIMB Clicks On Android, You Should Read This Alert

Don't download suspicious software.


Earlier this week, the Federal Police Commercial Crimes Department reported that Malaysians who access their bank accounts using Android, Symbian, and BlackBerry smartphones and tablets are being targeted with malware dubbed 'Zeus'

Malware known as the Zeus virus has reached Malaysia. The public is therefore advised to be careful when using e-banking applications such as M2U/CIMB Clicks on Android mobile devices for the time being. According to the Malaysian Computer Emergency Response Team (MyCERT) website, it has received several reports regarding malware that targets Maybank2U and CIMB Clicks customers. Based on MyCERT’s initial analysis, this campaign uses the Zeus banking malware family as its modus operandi.

During a media conference in KL, Deputy Director DCP Datuk Hamza Taib said that so far eight reports have been received from victims who lost about RM60,000 this month to cyber criminals

Federal Commercial Crime Investigation Department deputy director Senior Deputy Comm Datuk Hamza Taib said at least eight people had lost more than RM59,000 this month to the scam. “One victim lost RM10,000. Most of the cases occurred in the Klang Valley,” he told a press conference yesterday.

He explained that those vulnerable to the malware were users of BlackBerry devices and of phones running the Android and Symbian operating systems. “One of the ways to prevent this is to constantly scan the phones using an anti-virus program. Once infected, the only way is to reset the phone,” he said.

The Federal Police Commercial Crimes Department Deputy Director said victims discovered they were targeted when banks sent notifications about financial transactions. He said the police had already tracked down an account number belonging to a syndicate. “We hope to catch the syndicate members soon.”

According to MyCERT, the Zeus virus is delivered to smartphones or tablets via a link or attachment in a phishing message sent through a messaging medium such as WhatsApp, SMS, or Twitter


The attacker infects the victim's computer with the Zeus banking malware, which injects modified content while the user is browsing a legitimate online banking website, as shown in the above sample image of the injected page.

The virus Zeus, which is activated when the user performs Internet banking, presents a fake Internet page. Instead of the regular home page of the bank, several pop-up windows appear, requiring the user to fill in their personal details, MyCERT reports.

The malware injects modified, fake content that looks like the real online banking website while the user is browsing the legitimate online banking website. This content asks for the victim's smartphone operating system and mobile number. The malware then sends a malicious APK to the smartphone by SMS and infects the phone in order to establish callback with the attackers for further instructions.

The modified content prompts the user to choose their smartphone operating system and to provide their phone number as well. With the phone number, the attacker sends an SMS containing a link to a malicious APK, known as the Zitmo malware, to the victim's smartphone, purporting to be an online banking verification certificate.

Once the APK is installed on the smartphone, a popup message appears and the Zitmo malware attempts to call back to the attacker through SMS and waits for further instructions. A few days later, the attacker logs in to the victim's online banking account using the stolen credentials and successfully performs online transactions using the intercepted TAC number.

But it is easy to keep your smartphone from getting infected. Don't download suspicious software.

This is the advice of the Malaysian Computer Emergency Response Team (MyCERT), which also recommends that mobile device and PC users keep their anti-virus and anti-malware software up to date. MyCERT said the mobile malware was discovered in late September 2010, but this is the first time it is being used in a malware campaign targeting Malaysian users.

If you suspect your bank account has been compromised or spot any activity you have not authorised, please notify your banking provider immediately


For smartphone users, it advised: “Verify an app’s permission and the app’s author or publisher before installing. Always run a reputable anti-virus on your smartphone/mobile devices, and keep it up to date regularly.

“Don’t use public Wi-Fi networks for bank transactions and turn off Bluetooth connection when not in use. These can be open windows for eavesdroppers intercepting the transaction or installing spyware and other malware on user’s smartphone/tablet.”
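MyCERT's advice to verify an app's permissions can be applied to the kind of "verification certificate" APK described above, which needs SMS access to intercept the TAC. The following is an added example, not code from MyCERT or the banks: it assumes the permission listing was produced with the Android SDK's `aapt dump permissions <file.apk>`, the package names and sample listings are constructed, and the verdict rules are an illustrative heuristic.

```python
import re

# Permissions that let an app receive, read or send SMS (the channel the TAC arrives on).
SMS_PERMS = {
    "android.permission.RECEIVE_SMS",
    "android.permission.READ_SMS",
    "android.permission.SEND_SMS",
}
# Ways an intercepted message could leave the phone.
OUTBOUND = {"android.permission.SEND_SMS", "android.permission.INTERNET"}

# Accept both aapt output styles:
#   uses-permission: android.permission.X
#   uses-permission: name='android.permission.X'
PERM_RE = re.compile(r"^uses-permission(?:-sdk-\d+)?:\s*(?:name=')?([\w.]+)", re.M)
PKG_RE = re.compile(r"^package:\s*(?:name=')?([\w.]+)", re.M)


def review_permissions(aapt_output):
    """Return (package, SMS permissions requested, verdict) for one listing."""
    pkg = PKG_RE.search(aapt_output)
    perms = set(PERM_RE.findall(aapt_output))
    sms = sorted(perms & SMS_PERMS)
    if "android.permission.RECEIVE_SMS" in perms and perms & OUTBOUND:
        verdict = "reject: can intercept incoming SMS and pass it on"
    elif sms:
        verdict = "review: SMS access requested"
    else:
        verdict = "no SMS access requested"
    return (pkg.group(1) if pkg else None, sms, verdict)


# Constructed listings: an app posing as a banking certificate, and a torch app.
SAMPLE_CERT = """package: com.example.bankcert
uses-permission: name='android.permission.RECEIVE_SMS'
uses-permission: name='android.permission.SEND_SMS'
uses-permission: name='android.permission.READ_PHONE_STATE'
"""
SAMPLE_TORCH = """package: com.example.torch
uses-permission: android.permission.CAMERA
"""

if __name__ == "__main__":
    for listing in (SAMPLE_CERT, SAMPLE_TORCH):
        print(review_permissions(listing))
```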
