Security experts are warning that Android users should brace for a potential spike in hacking attacks after the source code and step-by-step instructions about a piece of malware designed to steal banking credentials was leaked online via an underground forum. Alex Mathews, lead security evangelist at Positive Technologies commented below.
Alex Mathews, Lead Security Evangelist at Positive Technologies:
“If an attacker gets this Trojan source code he can target different applications by replacing the phishing activities with those he needs. It’s not a problem to extract login screen from legit application available on the market, then copy it and embed into a malware apk file. That’s why the number of similar malware species is expected to increase and this Trojan can appear in other countries too.
“To protect yourself from this kind of Trojan you shouldn’t visit suspicious links or install applications from untrusted sources such as third-party markets and applications from websites.
“You can also check out Settings -> Security -> Device Administrators and disable the privileged access for applications you don’t trust.
“Two-factor authentication that involves standalone hardware token generators can mitigate the risk of such attacks. Otherwise malware can read one-time-passwords from SMS or get OTP from a token generating app on the same device.”
The opinions expressed in this article belongs to the individual contributors and do not necessarily reflect the views of Information Security Buzz.