Cyber crime 3.0: malicious app targeting mTANs
G Data discovers supposed security certificate for Android mobile devices
Smartphones and tablet PCs are among the devices used in the two-way authentication process. As part of this process, the bank sends an SMS with the transaction number (TAN) to the smartphone or tablet. This means that these devices are worthwhile targets for 3.0 cyber criminals, because many users do not install security solutions on their mobile devices.
In this case, the perpetrators claim to be working for Postbank customer support and send out millions of fake service emails asking the recipients to install the supposed "SSL certificate app". Instead of a banking security app, they end up installing malware that instantly forwards all mTANs it encounters to the criminals.
Example of an email claiming to be from Postbank:
When accessed from a mobile device, the link contained in the email text leads to a specially prepared website with a Postbank banner, which offers the supposed security app along with installation instructions. If the website is accessed from a PC, users just get a message stating that the certificate has been installed successfully.
Screenshot of the website with installation instructions and the malicious app for downloading:
Once the app has been installed, the user is prompted to enter their account number and PINs. In addition, the program requests a range of permissions, which enable it to access incoming SMS messages, among other things. The perpetrators are thus able to steal the data required for online banking transactions. This enables the cyber criminals to manipulate bank transfer transactions.