Mobile Banking Trojan Distributed with Sochi Olympics Live Stream Spam


Sports fans warned about mobile malware served via fake Sochi Olympics streaming sites

Some sports fans might want to see the Sochi Olympics from their Android mobile devices. Cybercriminals are aware of this, so they’ve started sending out spam emails that advertise what appears to be a live streaming app.

The emails are entitled “Olympic live stream in Sochi” and they contain a link to a website that hosts an application file called “olympic.apk.”

In reality, this is a banking Trojan identified by Kaspersky as HEUR:Trojan-SMS.AndroidOS.FakeInst.fb. Once it’s installed on a device, the threat contacts a command-and-control (C&C) server and sends it various pieces of information collected from the phone, including contacts.

Then, the malware sends an SMS with the text “BALANS” to a special number belonging to a Russian bank. If the victim is the bank’s customer and uses the company’s mobile service, they receive a message with the account balance.

This is where the “fun” starts. The Trojan intercepts all messages so that the victim doesn’t know what’s going on. In the meantime, cybercriminals can transfer up to 10,000 rubles ($285 / €207) from the victim’s account to their own.

The bank in question has not been named by Kaspersky. However, it has been chosen by the cybercriminals because it offers customers mobile banking services which they can abuse.

“Social engineering has always posed a danger. Users should be especially careful during major world events. At the very least, avoid clicking links sent in messages by people you don’t know. There’s always a risk that you’ll fall into a trap and lose quite a bit of money,” Kaspersky Lab Expert Roman Unuchek noted in a blog post.

Check out Kaspersky’s blog for additional details on HEUR:Trojan-SMS.AndroidOS.FakeInst.fb and some recommendations on how to avoid falling victim to such attacks.
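For defenders triaging a sideloaded APK such as the one described above, the behaviours in this article (C&C contact, contact collection, sending an SMS, intercepting incoming SMS) all surface in the app's manifest. The following is an added example, not code from Kaspersky or from the original post; it assumes the manifest has already been decoded to text XML, the mapping of behaviours to permissions is this example's own, and the sample manifest is constructed.

```python
import xml.etree.ElementTree as ET  # for untrusted files, defusedxml is the safer parser

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
SMS_RECEIVED = "android.provider.Telephony.SMS_RECEIVED"

# Assumed mapping: article behaviour -> Android permission it would require.
BEHAVIOUR_PERMS = {
    "contact a C&C server": "android.permission.INTERNET",
    "collect contacts": "android.permission.READ_CONTACTS",
    "send SMS to a bank number": "android.permission.SEND_SMS",
    "intercept incoming SMS": "android.permission.RECEIVE_SMS",
}

# Constructed sample manifest; not taken from the real olympic.apk.
SAMPLE_MANIFEST = """<manifest
    xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.livestream">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <application>
    <receiver android:name=".SmsHook">
      <intent-filter android:priority="999">
        <action android:name="android.provider.Telephony.SMS_RECEIVED"/>
      </intent-filter>
    </receiver>
  </application>
</manifest>"""

def triage_manifest(xml_text):
    """Flag a manifest that can do everything the article describes."""
    root = ET.fromstring(xml_text)
    perms = {e.get(ANDROID_NS + "name") for e in root.iter("uses-permission")}
    behaviours = [b for b, p in BEHAVIOUR_PERMS.items() if p in perms]
    priority = None  # highest priority of any SMS_RECEIVED receiver
    for flt in root.iter("intent-filter"):
        actions = {a.get(ANDROID_NS + "name") for a in flt.iter("action")}
        if SMS_RECEIVED in actions:
            try:
                value = int(flt.get(ANDROID_NS + "priority", "0"), 0)
            except ValueError:
                value = 0
            priority = value if priority is None else max(priority, value)
    # A raised-priority SMS receiver lets an app see messages before the inbox.
    suspicious = (len(behaviours) == len(BEHAVIOUR_PERMS)
                  and priority is not None and priority > 0)
    return {"behaviours": behaviours, "sms_receiver_priority": priority,
            "suspicious": suspicious}

if __name__ == "__main__":
    print(triage_manifest(SAMPLE_MANIFEST))
```

A "streaming" app has no reason to request this combination, so a hit is a strong cue to block the install and escalate the sample for full analysis.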
