2019 for some Russian banks was marked by not very pleasant events, namely the theft of funds from customer accounts. The choice of hackers fell on users of mobile applications of banks. The theft of funds was carried out using a new virus for the android platform. RosBusinessConsulting found that so far only two banks have been attacked by the virus.
A new type of malware
The first attack of the virus occurred in the spring of 2019 and affected several European, Indian and American banks. This became possible after the modification of the Android mobile Trojan 'Gustuff' with the auto-fill function.
This new type of malicious software has a significant difference from others. He can independently make an automatic transfer of money from the user's account to the attacker's account. All actions take place completely without the knowledge of the owner of the device.
Previously, these manipulations were not available. Viruses of the past (banking Trojans) had a limited range of activities:
- were able to create fake windows for entering card data on a smartphone;
- intercepted a message containing a code to confirm the transaction.
Who has already been affected by the virus
It is known that the first victims in Russia were the clients of Post Bank and Moscow Credit Bank. In Rosbank, VTB and Raiffeisenbank, no such cases were recorded.
Bank customers exposed to the new type of virus can track the infection of their devices and, if necessary, alert management.
The management itself takes the necessary measures to identify the operations carried out by the malicious program:
- transactional analytics;
- comparison of uncharacteristic activity for the user with the level of risk of infection of his device.
The antivirus company Kaspersky Lab also confirms the emergence of a new type of Trojans, but there are only a few cases of specific exposure and theft.
The total amount of stolen funds on the android platform in the period from July 2018 to June 2019 amounted to 110 million rubles. However, this figure is almost two times less than a year earlier.
The number of hacker groups has also dropped from eight to five. Because the owners of large botnets were detained. Therefore, most of the unscrupulous programmers switched to the international market. However, a small number of cybercriminals still managed to modify applications to embezzle funds from users in Russia.
How does infection occur
Most often, a smartphone is infected by downloading and installing viral software.
Hackers disguise viruses as links to download games, browsers, books, and various files. Then they are placed on adult sites, sites with pirated films and games, torrent trackers, or sent by e-mail.
Then the smartphone independently performs the functions of withdrawing money without the user's knowledge.
In connection with the embezzlement that occurred, banks are trying to protect their customers from fraudsters. For example, by developing and introducing new means of protection, such as an anti-fraud system. This service was created for multi-stage verification of payments through special filters. However, the owner of a mobile banking application should also pay attention to possible suspicious debiting of funds from his account. If you find any, contact the bank.