Watch out for iBanking Android Rogue on Facebook
How to Avoid Infection
First things first: If you log onto Facebook on your computer and are mysteriously prompted to download a “unique software tool for safe and secure authentication” onto your Android device, do not proceed.
If this occurs, your computer has already been infected and downloading the software will infect your Android device as well. In the event that you are seeing such a prompt, we’d encourage you to seek help at our Help My PC is Infected! support forum. Malware removal is free, even if you are not an Emsisoft customer yet.
The prompt to download a “unique software tool” uses social engineering to try to trick Facebook users into downloading a supposed security app that enables two-factor authentication for their Facebook account. In reality, this “security app” is iBanking, a piece of Android malware that can:
- Intercept real two-factor authentication codes sent by real service providers
- Capture any incoming/outgoing SMS text
- Redirect outgoing calls to a pre-programmed phone number
- Capture audio by activating the microphone
- Steal metadata – call log and contacts list
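Each capability in the list above depends on Android permissions that the app has to declare in its manifest, so a supposed authentication tool can be triaged before it is installed. The following is an added example, not code from Emsisoft or from the malware: it assumes the APK's AndroidManifest.xml has already been decoded to plain XML, and the permission-to-capability mapping, the threshold, and the sample manifest are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
P = "android.permission."

# Assumed mapping: the standard Android permissions each listed capability
# requires. It is not derived from an iBanking sample.
CAPABILITIES = {
    "read/intercept SMS (incl. 2FA codes)": {P + "RECEIVE_SMS", P + "READ_SMS"},
    "redirect outgoing calls": {P + "PROCESS_OUTGOING_CALLS"},
    "record audio": {P + "RECORD_AUDIO"},
    "read call log / contacts": {P + "READ_CALL_LOG", P + "READ_CONTACTS"},
}

def requested_permissions(manifest_xml):
    """Return the set of permissions declared in a decoded AndroidManifest.xml."""
    if "<!DOCTYPE" in manifest_xml:
        # A manifest has no DTD; refuse it rather than expand embedded entities.
        raise ValueError("unexpected DOCTYPE in manifest")
    root = ET.fromstring(manifest_xml)
    perms = set()
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        for el in root.iter(tag):
            name = el.get(ANDROID_NS + "name")
            if name:
                perms.add(name.strip())
    return perms

def triage(manifest_xml, threshold=3):
    """Map requested permissions to capabilities; flag when >= threshold match."""
    perms = requested_permissions(manifest_xml)
    hits = {cap: sorted(perms & needed)
            for cap, needed in CAPABILITIES.items() if perms & needed}
    return {"capabilities": hits, "flag": len(hits) >= threshold}

# Constructed sample manifest for a hypothetical "authentication" app.
SAMPLE = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.secureauth">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.PROCESS_OUTGOING_CALLS"/>
  <uses-permission android:name="android.permission.RECORD_AUDIO"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
</manifest>"""

if __name__ == "__main__":
    result = triage(SAMPLE)
    for cap, perms in result["capabilities"].items():
        print(f"{cap}: {', '.join(perms)}")
    print("review before installing" if result["flag"] else "no match")
```

A flag here is a reason to look closer, not a verdict: legitimate apps also request some of these permissions, which is why the check looks for several capabilities together.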
iBanking first achieved notoriety back in February, when its source code was leaked on an underground forum, making it widely available to malware authors around the world. Though the malware’s fundamental strategy – infect through web injection and then monitor mobile device activity – is nothing original, its recent appearance on Facebook is a new development and cause for some concern. Simply put: it is much easier and much more cost-effective to target a social media website used by billions than it is to target a handful of banking sites that any given user may or may not use. Additionally, the malicious web injection could very easily be confused with a real request to enable two-factor authentication, especially by users who might have been made a tad paranoid about their personal security by the recent Heartbleed crisis.
Protecting Yourself from iBanking
Emsisoft Mobile Security detects the iBanking malware as Android.Trojan.SMSSend.HM (B).
How’s that for a one-two punch?
Have a Great (Mobile-Malware-Free) Day!