iBanking is the name of a mobile banking Trojan app distributed through HTML injection attacks on banking sites. iBanking deceives victims impersonating itself as a ‘Security App‘ for Android, we have spoken about it early 2014 when the source code of the mobile malware has been leaked online through an underground forum.
iBanking mobile banking Trojan is available for sale in the underground for $5,000 according the RSA’s FraudAction Group, the malware is used to avoid the security mechanisms implemented by the banking websites, including two-factor authentication.
iBanking could be commanded via SMS or over HTTP beaconing C&C server every pre-defined interval, then pull and execute the command if one is awaiting it. The bot implements the following features:
The above verification page that was designed to request victims, their mobile number in order to verify the Facebook account authenticity. In case the SMS fails to reach the user’s mobile, one of the successive pages was designed to request victim to download an Android app from an URL displayed or reading a QR code proposed on the screen,.
“iBanking, detected by ESET as Android/Spy.Agent.AF, is an application that showcases complex features when compared with other earlier mobile banking malware, such as Perkele. It can be used in conjunction with any malware able to inject code into a webpage and is generally used to redirect incoming SMS messages to bypass two-factor authentication.” reported ESET.
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.