Hesperbot. Analysts at IKARUS Security Software GmbH successfully removed a self-locking Android Malware from an infected smartphone




Android malware is evolving at an alarming rate and becoming more aggressive and resilient in nature. This shift shows attempts to target bank accounts, messages and other personal information. It seems that cyber criminals are no longer satisfied with what they steal from their victims. Now, they try to inflict damage by other means; the latest case shows sophisticated banking malware that tries to deny all access to the victim's smartphone using crafty software means.

Back in April of 2014, our malware analysts came across a particularly dangerous variant of Trojan.AndroidOS.Hesperbot (see Figure 1 to view the launcher icon) that, besides stealing personal banking data and personal messages, managed to lock the user completely out of his/her smartphone. The creators of this type of malware used various methods of social engineering, like fear tactics and phishing, to trick the user into installing their "very secure certificate".

Before the smartphone is infected, the victim's PC also has to be infected with an online banking Trojan. This is where the desktop version of Hesperbot (Trojan.Win32.Hesperbot) comes into play. This malware is sent through a phishing mail or downloaded while surfing suspicious websites. If the victim connects to their online bank account, a message gets injected into the website's data stream and tricks the user into installing the Android app. After the installation, an activation code is generated (see Figure 2) and also verified on the modified website. At this point, the attacker is aware that someone has fallen for the trick and can start to collect money from the victim's bank account.

Shockingly, it does not end here. The mobile app now asks the user for Device Administrator rights, a tool mostly used by MDM systems and corporate applications. If this permission is granted, the malicious app can prevent itself from being uninstalled. The attacker specifically designed the approval dialog in a way that makes it impossible for the user not to activate the app. The dialog will pop up again and again and will make the device completely unusable, unless the user selects "Activate" (see Figure 3).

Figure 1: Android launcher menu, presenting the installed Hesperbot under the name "Activation".

Figure 2: Hesperbot requesting activation code from the user.

The locking of the smartphone only occurs when the user tries to uninstall the certificate app and the malware detects this. Once the malware has administrator rights, Android's built-in password-protected lock screen activates and locks the smartphone using a password generated by the malware. The generated code is of course unknown to the user. This way all the data that is present on the smartphone will be locked away from the user, rendering the smartphone useless (see Figure 4).

Figure 3: Attempt to unlock the infected smartphone
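The lock-out described above depends on the app registering a Device Administrator receiver whose policy file asks for the `reset-password` and `force-lock` policies. The following added example (not IKARUS code, and not taken from the Hesperbot sample) triages a decoded `AndroidManifest.xml` and device-admin policy XML for that combination; the sample app, its package name and the choice of message permissions to flag are constructed assumptions.

```python
import xml.etree.ElementTree as ET

A = "{http://schemas.android.com/apk/res/android}"  # android: attribute namespace

# Constructed sample of a hypothetical app, NOT the real Hesperbot manifest.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.activation">
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <application android:label="Activation">
    <receiver android:name=".AdminReceiver"
        android:permission="android.permission.BIND_DEVICE_ADMIN">
      <meta-data android:name="android.app.device_admin" android:resource="@xml/policies"/>
      <intent-filter>
        <action android:name="android.app.action.DEVICE_ADMIN_ENABLED"/>
      </intent-filter>
    </receiver>
  </application>
</manifest>"""

# Constructed policy file referenced by the meta-data entry above.
SAMPLE_POLICIES = """<device-admin xmlns:android="http://schemas.android.com/apk/res/android">
  <uses-policies><reset-password/><force-lock/></uses-policies>
</device-admin>"""

LOCKOUT_POLICIES = {"reset-password", "force-lock"}  # set a password, then lock the screen
MESSAGE_PERMS = {"android.permission.RECEIVE_SMS", "android.permission.READ_SMS"}  # assumed watch list

def admin_receivers(manifest_xml):
    """Names of receivers that can be activated as Device Administrator."""
    found = []
    for rcv in ET.fromstring(manifest_xml).iter("receiver"):
        bound = rcv.get(A + "permission") == "android.permission.BIND_DEVICE_ADMIN"
        meta = any(m.get(A + "name") == "android.app.device_admin" for m in rcv.iter("meta-data"))
        if bound and meta:
            found.append(rcv.get(A + "name"))
    return found

def triage(manifest_xml, policies_xml):
    """Return findings for the lock-out capability plus message access."""
    perms = {p.get(A + "name") for p in ET.fromstring(manifest_xml).iter("uses-permission")}
    policies = {el.tag for up in ET.fromstring(policies_xml).iter("uses-policies") for el in up}
    findings = []
    receivers = admin_receivers(manifest_xml)
    if receivers:
        findings.append("device-admin receiver: " + ", ".join(receivers))
        if LOCKOUT_POLICIES <= policies:
            findings.append("can set lock-screen password and force lock")
    if perms & MESSAGE_PERMS:
        findings.append("reads messages: " + ", ".join(sorted(perms & MESSAGE_PERMS)))
    return findings
```
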

Figure 4: Hesperbot requesting administrator rights.

Here at IKARUS Security Software GmbH, our talented analysis team found a way to unlock smartphones that were infected by Hesperbot and remove the malware without causing data loss. Since sensitive data on the smartphone cannot be accessed by normal means, and the data that we needed was only available to the malware that was sitting on the smartphone, our team had to hack the smartphone and override the installed malware to make it reveal its code for us.

Figure 5: Tricking the malware into giving away its code.

After the code was found (see Figure 5), our team used the malware's own malicious code to generate the password that finally unlocked the infected smartphone. At this point, removing the malware (which had now become harmless) was a routine task (see Figure 6).

Figure 6: Successful uninstallation of Trojan.AndroidOS.Hesperbot

We at IKARUS suggest the use of mobile anti-virus to protect your handheld device from viruses like Hesperbot. Our very own IKARUS mobile.security app is capable of doing just that and even more. Check out IKARUS mobile.security in Google Play and take a step towards a more secure Android smartphone.

Authors: Sebastian Bachmann, BSc; Tibor Éliás, BSc