CYBERCRIMINAL IN BRAZIL SHARES MOBILE CREDIT CARD STORE APP




FRAUD REPORT

August 2014

RSA agents recently traced a threat actor advertising a mobile credit card store application. The cybercriminal shared the information on his Facebook page, including methods for using the app and links for downloading it. Besides the obvious purpose of selling compromised credentials, launching the application on a mobile device also prompts requests for user permissions, which can give the application the kind of control over the device that is usually associated with malicious applications.

RSA's open source investigation revealed a cybercriminal openly advertising a CC store (Figure 1) designed as a mobile phone application for Android and iPhone devices (a translation follows below).

"Good evening everybody! Today I'll show a project that I've been developing for some while... it's an automated credit card shop application that runs on Android and iOS, using my web credit card store as database. Remember that I'm the first Brazilian programmer to develop a mobile application that sells credit cards. My clients are increasing day by day and I hope that this new system helps them on their shopping. The Android application is already nearly done and the iOS one is 60% done (tested on Galaxy S5 and iPhone 5S, if it doesn't work on your mobile, send me a message with your model and I'll check!). This message is already long so I won't be giving any more details. Below there's the link for my website to download the app and its link on Google Play! Don't forget to install it on your Android, and next week I hope that iOS will get it too!"

AVAILABLE IN THE OPEN MARKET

The application was made available as a free download on Google Play. The cybercriminal provided the following instructions for using the app:

- Order a batch of CC credentials
- Enter personal info
- App will send banking info in order to make a deposit
- Wait 24 hours to make a transaction
- Take photo of the transaction deposit slip for proof, and send it to fraudster
- Receive CC credentials in return mail

In the CC shop website shared by the fraudster, there is a link that automatically starts downloading the application (Figure 2). By clicking on the Android link, an Android binary (APK) is downloaded, but the iPhone link displays a message advising the user to wait for a week.

A sample of screenshots from the app, with relevant translations, can be found below.

1. Methods of payment: We accept only bank deposits. As soon as you make an order, an order number will appear on the screen with the rest of your registration info and total sum to be paid. After you make the order you have 24 hours to make the payment and send the receipt (can be a photo, scanned or digital receipt for financial@...). Remember that a few cents will be added to the sum to better track the deposit. The client will then receive an email confirmation. We can't guarantee product availability before the money is in the bank account.

2. Delivery time: After the payment confirmation we expect a 2 hour delay for sending the information. When the payment is accounted for by our financial sector, the client will receive confirmation via email. Our objective is for your order to be delivered ASAP. Plan your shopping and choose the best delivery method according to your needs.

3. Information exchange: Offering the best service to our clients with total guarantee is the most important objective for us. We want you to have the best shopping experience possible, so we accept exchange or your money back with no cost.

Buttons: Agree / Disagree.

Order form screen (translated):

Order code
Name
Email
Package: Gold
Quantity: 10 units
Payment method: Deposit
Total value: R$ 700,15 (Real)
Send order

Your order was successfully sent! Check your email for deposit info. After the deposit, you'll receive a payment confirmation in the CONFIRMATION menu.

ANALYSIS OF THE MOBILE APP

A deeper look into the Android application shows that it has potential to be used as malware. Upon launching, the app requests a large number of permissions from the user, similar to the permissions commonly requested by mobile malware. Some of the permissions requested include:

- Read and write in Calendar and Contacts
- Access your location (GPS and network)
- Call numbers
- Read and write to protected and to external storage
- Access to your camera and microphone
- Access to the device ID and phone status

After performing reverse engineering and static code analysis on the application, RSA agents discovered code that could indicate its use as malware. The app has the ability to download and install new applications and functions (such as reading SMS, reading SD cards, etc.). This means the application can update itself later, installing additional applications that can make use of any of the above permissions.
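A defensive triage sketch for the permission pattern described above, added here as an example and not RSA's tooling or code from the report: it reads a manifest already decoded to plain XML and flags apps whose requests span several of the report's permission groups while also allowing downloaded code to be stored. The permission names are standard Android identifiers; the group mapping, the min_groups threshold and the sample manifests are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
PREFIX = "android.permission."

# The report's permission groups mapped to standard Android permission names
# (the mapping itself is an assumption made for this example).
GROUPS = {
    "calendar/contacts": {"READ_CALENDAR", "WRITE_CALENDAR", "READ_CONTACTS", "WRITE_CONTACTS"},
    "location": {"ACCESS_FINE_LOCATION", "ACCESS_COARSE_LOCATION"},
    "call numbers": {"CALL_PHONE"},
    "storage": {"READ_EXTERNAL_STORAGE", "WRITE_EXTERNAL_STORAGE"},
    "camera/microphone": {"CAMERA", "RECORD_AUDIO"},
    "device ID/phone status": {"READ_PHONE_STATE"},
    "SMS": {"READ_SMS"},
}

def requested_permissions(manifest_xml):
    """Return short names of android.permission.* entries in a decoded manifest."""
    # Manifest text comes from an untrusted APK, decoded to plain XML beforehand.
    root = ET.fromstring(manifest_xml)
    names = (el.get(ANDROID_NS + "name", "") for el in root.iter("uses-permission"))
    return {n[len(PREFIX):] for n in names if n.startswith(PREFIX)}

def triage(manifest_xml, min_groups=4):
    """Flag apps that span many sensitive groups and can stage downloaded code."""
    perms = requested_permissions(manifest_xml)
    hits = {g: sorted(perms & names) for g, names in GROUPS.items() if perms & names}
    # As in the report: network access plus writable external storage lets an
    # app download and store further code. min_groups is an assumed threshold.
    can_stage = {"INTERNET", "WRITE_EXTERNAL_STORAGE"} <= perms
    return {"groups": hits, "can_stage_code": can_stage,
            "flag": can_stage and len(hits) >= min_groups}

def make_manifest(perms):
    """Build a constructed manifest for the demo (not the app from the report)."""
    body = "".join('<uses-permission android:name="%s%s"/>' % (PREFIX, p) for p in perms)
    return ('<manifest xmlns:android="http://schemas.android.com/apk/res/android" '
            'package="example.constructed">%s</manifest>' % body)

BROAD = make_manifest(["INTERNET", "READ_CONTACTS", "ACCESS_FINE_LOCATION", "CALL_PHONE",
                       "WRITE_EXTERNAL_STORAGE", "CAMERA", "RECORD_AUDIO",
                       "READ_PHONE_STATE", "READ_SMS"])
NARROW = make_manifest(["INTERNET", "CAMERA"])

if __name__ == "__main__":
    for label, manifest in (("broad", BROAD), ("narrow", NARROW)):
        result = triage(manifest)
        print(label, "FLAG" if result["flag"] else "ok", sorted(result["groups"]))
```

A flag here is a prompt for manual review: permissions show what an app could do, not that it downloads code at run time.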

Additional features revealed in analysis of the application:

- Upon opening the application, it spams the user with two different advertisement banners.
- The app has access to the external storage, so it can store and install new applications in the external memory space.
- The app employs anti-SDK methods by reading the Android OS specs to verify if it is running on a mobile device or on a virtual machine (laboratory testing environment).
- The app reads the country code and network operator code from the SIM card.
- Upon installation, the app attempts to access the SMS Service and read SMS messages.

It is important to note that the CC store application source code is not featured in the Android binary that was originally downloaded to the device. Instead, the application updates itself as follows:

- When the application is launched, it downloads the necessary library from the fraudster's server. The library contains the source code providing the functions needed to make the CC store accessible via the user device.
- The fraudster can change the source code from his side at any time, so that the user application can download a new version and use it without the need to be updated.
- In some cases, the library is not downloaded, even though internet access is available. This may be due to the app performing an anti-SDK check and only downloading the library if it verifies that it is not running on a virtual machine.

CONCLUSION

This is one of the first malicious apps developed by Brazilians for mobile. The different permission requests upon launching may be a sign that the app is also used as malware. Ironically, since cybercriminals are the ones who will use this app to buy CC credentials, they may themselves be ripped off by the developers of the app.

AUGUST 2014
Source: RSA Anti-Fraud Command Center

Phishing Attacks per Month

RSA identified 42,571 phishing attacks in July, marking a 25% increase from June. Based on this figure, RSA estimates phishing cost global organizations $362 million in losses in July.

US Bank Types Attacked

U.S. regional banks have consistently been hit with 30-35% of phishing volume over the last few months, targeted by about one out of every three attacks.

[Chart categories: Credit Unions, Regional, National]

Top Countries by Attack Volume

The U.S. remained the most targeted country in July with 63% of phishing volume. China, the Netherlands, the UK and France were collectively targeted by 20% of total attacks.

[Chart: attack volume by country; labels include China, Netherlands, U.S. and UK]

Top Countries by Attacked Brands

Brands in the U.S., UK, Canada, and India were targeted by half of all phishing attacks in July.

[Chart: U.S. 29%, UK 11%]

Top Hosting Countries

There was a surprising spike of hosted phishing attacks in Hong Kong in July at 13%, while the U.S. continued to remain the top hosting country at 36%, despite a 7% decline from June.

[Figure: Global Phishing Losses, July 2014]

Mobile Transactions and Fraud (Q2 '14)

In Q2, 33% of banking transactions originated in the mobile channel. This marks a 20% increase in mobile traffic from 2013, and a 67% increase from 2012. Among total transactions, one out of every four identified fraud transactions was initiated from a mobile device.

CONTACT US

To learn more about how RSA products, services, and solutions help solve your business and IT challenges, contact your local representative or authorized reseller, or visit us at www.emc.com/rsa

©2014 EMC Corporation. EMC, RSA, the RSA logo, and FraudAction are trademarks or registered trademarks of EMC Corporation in the U.S. and/or other countries. All other trademarks mentioned are the property of their respective holders. AUG RPT 0814