Malware masquerading as a WhatsApp update has the ability to access the banking apps stored elsewhere on your phone, experts have warned.
There have been several cases reported of unsuspecting Android users trying to update the popular messaging app, but instead they have accidentally installed sneaky software that steals data.
This follows reports of a separate piece of malware, also targeting WhatsApp users, that is spread using emails sent from criminals pretending to be from the Californian company.
Unsuspecting Android users trying to update WhatsApp have instead ended up accidentally installing software that steals their data. It follows reports of a separate piece of malware, also targeting WhatsApp users, that is spread using emails (pictured) sent from criminals pretending to be from the Californian firm
The malicious emails are sent with subject lines such as 'an audio memo was missed' or 'You have a video announcement' in order to entice people to click on the message and spread the malware.
However, all of these messages end in random characters - such as 'xgod' or 'Ydkpda' - that may be used to identify an unsuspecting recipient, according to security firm Comodo Labs.
The messages themselves contain a compressed (zip) file harbouring the malicious software, which if clicked upon rapidly infects a computer's file system and could be used by criminals to control the machine.
Fatih Orhan, director of technology for Comodo, warned: 'Cybercriminals are becoming more and more like marketers - trying to use creative subject lines to have unsuspecting emails be clicked and opened to spread malware'.
Dave Palmer, director of technology at Darktrace told MailOnline: 'Tricking people into visiting hostile websites or open malicious documents is still an extremely common and successful means of hacking companies.
'It is no surprise that attackers have moved from using email, Facebook and LinkedIn to popular messaging services like WhatsApp.'
The banking malware was revealed by, and affects the customers of, The Association of Banks in Singapore (ABS).
It has warned its mobile banking users about a bogus WhatsApp update.
The malware takes the form of a pop-up advert, which encourages people to click on it to download the new version of WhatsApp, or risk losing access to the messaging app.
Of course the software has nothing to do with its Californian developers.
Users who fall for the trick and download the fake 'update' are prompted to share confidential information with the devious cyber criminals behind it, such as their credit card details, which could be used to commit fraud.
The malware also steals data and sends details of mobile banking transactions, according to ABS.
There is no news about whether money has successfully been stolen from people's accounts using the scam yet.
'ABS would like to remind mobile banking customers that smartphones are as susceptible to malware as desktop computers or laptops,' Ong-Ang Ai Boon, director of ABS said.
'Consumers are reminded to download applications only from trusted sources.'
The malicious emails are sent with subject lines such as 'an audio memo was missed' or 'You have a video announcement'. Elsewhere, the banking app malware takes the form of a pop-up advert, which encourages people to click on it to download the new version of WhatsApp (official icon shown), or risk losing access to it
Users who download the fake 'update' are prompted to share confidential information with the devious cybercriminals behind it (illustrated), such as their credit card details, which could be used to commit fraud
Craig Young, security researcher at Tripwire, told MailOnline that Android users in the UK and US should remain 'largely unaffected' by the malware as long as they don't install apps from outside of Google's Play Store.
'Users who are most at risk are those looking to download apps from the less regulated third-party markets which are very prevalent in some parts of the world,' he said.
According to a 2014 malware report by Motive Security Labs mobile malware infections increased by 25 per cent in 2014, compared with 20 per cent for 2013 globally.
The report estimated around 16 million mobile devices worldwide were infected by malware.
ABS has advised people to be install anti-virus software on their smartphone and only to install apps from trusted sourced such as Google Play.
'Only click on hyperlinks from messages and emails if they are from a trusted source,' it said.
MATURE CONSUMERS ARE MORE CAREFUL ONLINE, BUT YOUNGSTERS ARE SAVVIER ABOUT SPOTTING DANGERS
When it comes to staying safe online, consumers aged 45 and over are more cautious than younger internet users about sharing information.
However, they can lack the knowledge to spot a damaging scam or imminent threat, unlike younger users, according to a survey by security firm Kaspersky Lab.
It found that those aged 24 and under are likely to share data online, with 83 per cent sending private messages compared to just 45 per cent of over 45s.
Perhaps unsurprisingly, three times as many young people admit to sharing explicit content online at least once, at 23 per cent compared to seven per cent of older survey participants.
When it comes to staying safe online, consumers aged 45 and over (stock image) are more cautious than younger internet users about sharing information
The younger generation is more impatient when it comes to installing software and downloading files, with just over a quarter saying they skip through the details of terms and conditions when installing software.
This could mean that they don't know what kind of data they have just granted access to, what additional programs they might have installed or how their OS settings could have been changed. However, just 12 per cent of the over 45s ignore the small print.
Younger people are also more careless when it comes to downloading files, with one in three downloading them from different sources, compared to 10 per cent of more mature users.
However, when presented with a potential threat, younger people are more experienced at spotting malware, Kaspersky said.
In an experiment, when asked to download a song from four samples, one in three young people chose the most dangerous '.exe' file, compared to almost half of those aged over 45.
It is not surprising that in the light of their less restrained online behaviour, younger people are more likely to find themselves hit by a malware infection.
A total of 57 per cent of under 24s were affected in 2015, compared to 34 per cent of older users.
'It is important that users of all ages are cautious and vigilant online and aware of the potential threats, regardless of how often they use the Internet and what they use it for,' said David Emm, principal security researcher at Kaspersky Lab.
'People should also have a security solution in place that provides them with total protection when downloading and installing files and communicating online.
0 nhận xét:
Đăng nhận xét