– Online banking on a smartphone and fake advertisements on social networks are two of the latest trends in consumer-targeted security threats, reveals AVG Q3 Threat Report –
MELBOURNE and AMSTERDAM – 25 October 2012 – Consumers who use their smartphones to access online banking services are among the latest targets for cybercriminals, according to the AVG Technologies Q3 Community Powered Threat Report. AVG Technologies (NYSE: AVG), the provider of Internet and mobile security to 128 million active users, today released its Q3 2012 Community Powered Threat Report which shows how opportunistic hackers are tailoring malware known as Zitmo (or Zeus-in-the-Mobile). This turns the smartphones of unsuspecting consumers into botnets, enabling cybercriminals to steal their online banking credentials and empty their bank accounts.
A 2012 PriceWaterhouseCoopers’ report projected that digital banking would become the norm globally by 2015. In Australia, the Big Four banks processed $10 billion in July alone from smartphone banking. Zeus-on-PC malware was originally created to steal details from people’s computers. AVG has been tracking its evolution and has identified how hackers are exploiting the growth in mobile banking by releasing Zitmo for mobile platforms, notably Android, in very controlled attacks.
Currently, Zitmo is targeting Android mobile users in Germany. The attack exploits the two-factor authentication process many banks have put in place to protect their customers including the traditional user/password authentication and a Transaction Authentication Number (TAN), which is sent as a text message to the user’s mobile device. Zitmo intercepts this communication and harvests the details in order to gain access to user bank accounts.
Consumers using social networks were also hit this quarter by an explosion of attacks using the notorious Blackhole Exploit kit that targeted popular social networks including Facebook. The attack left users unable to log-on to their accounts or access any games or applications as cybercriminals coordinated the attacks from multiple external advertising servers, which generated an exceptional increase from 250,000 attacks to over 1.6m recorded events within an eight hour period. Again, those consumers with the latest PC and smartphone security software were protected.
“Zitmo is not new malware as such; but the new ways in which we are seeing cybercriminals use it underlines this worrying trend of socially engineering security attacks to match evolving consumer habits,” said Michael McKinnon, Security Advisor at AVG Technologies AU. “We always recommend consumers exercise care when sourcing and downloading apps onto their smartphones, as unofficial third party sites are usually the best places for cybercriminals to seed malware-ridden versions of popular apps. People get caught out because they cannot tell if they have the malware on their phone, so it’s best to install mobile security software and keep it updated in order to have peace of mind when using mobile banking and social networking services.”
To download the full Q3 2012 Community Powered Threat Report, please visit:
http://www.avg.com.au/files/media/avg_threat_report_2012-q3.pdf
Keep in touch with AVG
- For breaking news, follow AVG on Twitter at twitter.com/avgaunz
- Join our Facebook community at www.facebook.com/avgaunz
- For security trends, analysis, follow the AVG blog at resources.avg.com.au
About the report
The AVG Community Protection Network is an online neighbourhood watch, where community members work to protect each other. Information about the latest threats is collected from customers who participate in the product improvement program and shared with the community to make sure everyone receives the best possible protection.
The AVG Community Powered Threat Report is based on the Community Protection Network traffic and data collected from participating AVG users over a three-month period, followed by analysis by AVG. It provides an overview of web, mobile devices, spam risks and threats. All statistics referenced are obtained from the AVG Community Protection Network.
AVG has focused on building communities that help millions of online participants support each other on computer security issues and actively contribute to AVG’s research efforts.