If You Use Maybank2U And CIMB Clicks On Android, You Should Read This Alert

A malware known as the Zeus virus has reached Malaysia. With that the public are advised to be careful using e-banking applications such as M2U/CIMB Clicks on Android mobile devices for the time being. According to Malaysian Computer Emergency Response Team (MyCERT) website, they have received several reports regarding a malware that targets Maybank2U and CIMB Clicks customers. Based on MyCERT’s initial analysis, they found this campaign uses the Zeus banking malware family as its Modus Operandi in this campaign.

malaysiandigest.com

Federal Commercial Crime Investigation Department deputy director Senior Deputy Comm Datuk Hamza Taib said at least eight people had lost more than RM59,000 this month to the scam. “One victim lost RM10,000. Most of the cases occurred in the Klang Valley,” he told a press conference yesterday.

He explained that those vulnerable to the malware were the ones using BlackBerry and with phones running the Android and Symbian operating systems. “One of the ways to prevent this is to constantly scan the phones using an anti-virus program. Once infected, the only way is to reset the phone,” he said.

malaysiandigest.com

The Federal Police Commercial Crimes Department Deputy Director said victims discovered they were targeted when banks sent notifications about financial transactions. He said the police had already tracked down an account number belonging to a syndicate. “We hope to catch the syndicate members soon.”

Attacker will infect victim's computers with Zeus banker malware which will inject modified contents when users is browsing a legitimate online banking website, as shown in the above sample image of the injected page.

The malware will inject a modified fake contents that looks like a real online banking website when user is browsing a legitimate online banking website, in which the content will request victim's smartphone operating system and mobile number. The malware will SMS to the smartphone a malicious APK and infect the smart phone in order to establish callback with the attackers for further instructions.

malaysiandigest.com

The modified content will prompt user to choose their smartphone Operating System and provide their phone number as well. With the phone number information, attacker will send SMS containing link to a malicious APK known as Zitmo malware to the victim's smartphone, purportedly to be a an online banking verification certificate.

Once the APK is installed in the smartphone, a popup message will appear and the Zitmo malware will attempt to make callback to attacker through SMS and wait for further instruction. Few days later, attacker will login to victim's online banking account using the stolen credentials and perform online transaction successfully by using intercepted TAC number.

malaysiandigest.com

This is the advice of Malaysian Computer Emergency Response Team (MyCERT), which also recommends mobile device and PC users keep their anti-virus and anti-malware software up to date. MyCert said the mobile malware has been discovered since late September 2010 but it is the first time it’s being used in malware campaign targeting Malaysian users.

For smartphone users, it advised: “Verify an app’s permission and the app’s author or publisher before installing. Always run a reputable anti-virus on your smartphone/mobile devices, and keep it up to date regularly.

“Don’t use public Wi-Fi networks for bank transactions and turn off Bluetooth connection when not in use. These can be open windows for eavesdroppers intercepting the transaction or installing spyware and other malware on user’s smartphone/tablet.”

therakyatpost.com