The McAfee Mobile Malware Research Team has discovered Android banking malware targeting Mexican users by posing as a banking security tool or as a banking app designed to report an out-of-service ATM.
In both scenarios, the banking malware relies on a sense of urgency to tempt targets into using the malicious app. If the target falls into the trap, this banking malware steals authentication factors crucial to accessing accounts at the targeted financial institutions in Mexico.
How does this malware spread?
Scammers use a malicious phishing page that provides real banking security tips (copied from the original bank site) to lure potential victims into downloading a malicious app presented as a security tool or as an app to report an out-of-service ATM.
Researchers believe scammers are targeting Android users through scam phone calls, a common methodology in Latin America. Fortunately, this malicious app has not been identified on Google Play yet; it can only be downloaded through a third-party website.
Here’s how to protect yourself
During the Covid-19 pandemic, financial institutions adopted various new ways to engage clients. These rapid changes meant customers were more willing to accept new procedures and to install new apps as part of the ‘new normal’ to interact remotely. Seeing this, cyber-criminals introduced new scams and phishing attacks that looked more credible than those in the past.
Android banking users in Mexico are advised to be cautious when opening emails and attachments, and to refrain from downloading apps from unsecured websites. Organizations and individuals should keep their systems updated with the latest security patches for their operating systems and applications. They should also enable multi-factor authentication on their accounts, if possible, the McAfee Mobile Malware Research Team advised.
Last month, researchers at the security firm ThreatFabric discovered banking malware dubbed “Vultur” in Android apps downloaded from Google Play; it attempts to steal banking login information. The Vultur malware used code to recognize when a data entry form is being used by the victim, then takes a screen grab, and finally begins keylogging. All of the data captured by the malware is then routed to a site specified by its designers.