Mobile banking goldmine for cybercriminals

AUCKLAND and AMSTERDAM – 9 November 2012 – Consumers who use their smartphones to access online banking services are among the latest targets for cybercriminals, according to the AVG Technologies Q3 Community Powered Threat Report released today.

AVG predicted growing sophistication in mobile malware earlier in 2012 and the Q3 threat report affirms that suspicion, with mobile cybercrime being the biggest trend of the third quarter. Malware known as Zitmo (or Zeus in the Mobile), a new version of well know malware Zeus-on-PC has recently been spotted, targeting the 1 billion smart phone users globally. AVG has been tracking its evolution and has identified how hackers are exploiting the growth in mobile banking by releasing Zitmo for mobile platforms, notably Android, in very controlled attacks.

A 2012 PriceWaterhouseCoopers’ report projected that digital banking would become the norm globally by 2015. Zitmo exploits the two-factor authentication process many banks have put in place to protect their customers including the traditional user/password authentication and a Transaction Authentication Number (TAN), which is sent as a text message to the user’s mobile device. Zitmo intercepts this communication and stores the details to gain access to user bank accounts.

“Zitmo is not new malware as such; but the new ways in which we are seeing cybercriminals use it underlines this worrying trend of socially engineering security attacks to match evolving consumer habits,” said Michael McKinnon, Security Advisor at AVG Technologies AU. “We always recommend consumers exercise care when sourcing and downloading apps onto their smartphones, as unofficial third party sites are usually the best places for cybercriminals to seed malware-ridden versions of popular apps. People get caught out because they cannot tell if they have the malware on their phone, so it’s best to install mobile security software and keep it updated in order to have peace of mind when using mobile banking and social networking services.”

Consumers using social networks are increasingly at risk as cybercriminals can now buy ready-made malware on subscription. Social networkers were hit this quarter by an explosion of attacks using the notorious Blackhole Exploit kit, the first ‘commercial’ malware. The attack left users unable to log-on to their accounts or access any games or applications as cybercriminals coordinated the attacks from multiple external advertising servers, which generated an exceptional increase from 250,000 attacks to over 1.6m recorded events within an eight hour period.

To download the full Q3 2012 Community Powered Threat Report, please visit: http://www.avg.co.nz/files/media/avg_threat_report_2012-q3.pdf

Keep up to date with our regular threat bulletins on the AVG News & Threats blog.

About the report

The AVG Community Protection Network is an online neighbourhood watch, where community members work to protect each other. Information about the latest threats is collected from customers who participate in the product improvement program and shared with the community to make sure everyone receives the best possible protection.

The AVG Community Powered Threat Report is based on the Community Protection Network traffic and data collected from participating AVG users over a three-month period, followed by analysis by AVG. It provides an overview of web, mobile devices, spam risks and threats. All statistics referenced are obtained from the AVG Community Protection Network.

AVG has focused on building communities that help millions of online participants support each other on computer security issues and actively contribute to AVG’s research efforts.
###
About AVG — www.avg.co.nz
AVG Technologies’ mission is to simplify, optimise and secure the Internet experience, providing peace of mind to a connected world. AVG’s powerful yet easy-to-use software and online services put users in control of their Internet experience. By choosing AVG’s software and services, users become part of a trusted global community that benefits from inherent network effects, mutual protection and support. AVG has grown its user base to 128 million active users as of June 30, 2012 and offers a product portfolio that targets the consumer and small business markets and includes Internet security, PC performance optimisation, online backup, mobile security and identity protection.

© Scoop Media