Mobile banking goldmine for cybercriminals
AUCKLAND and AMSTERDAM – 9 November 2012 – Consumers who use their smartphones to access online banking services are among the latest targets
for cybercriminals, according to the AVG Technologies Q3 Community Powered Threat Report released today.
AVG predicted growing sophistication in mobile malware earlier in 2012 and the Q3 threat report affirms that suspicion,
with mobile cybercrime being the biggest trend of the third quarter. Malware known as Zitmo (or Zeus in the Mobile), a
new version of well know malware Zeus-on-PC has recently been spotted, targeting the 1 billion smart phone users
globally. AVG has been tracking its evolution and has identified how hackers are exploiting the growth in mobile banking
by releasing Zitmo for mobile platforms, notably Android, in very controlled attacks.
A 2012 PriceWaterhouseCoopers’ report <http://press.pwc.com/GLOBAL/digital-banking-to-be-the-norm-by-2015-/s/9d93ee5e-8fce-492a-82a7-368f0d23311c> projected that digital banking would become the norm globally by 2015. Zitmo exploits the two-factor authentication
process many banks have put in place to protect their customers including the traditional user/password authentication
and a Transaction Authentication Number (TAN), which is sent as a text message to the user’s mobile device. Zitmo
intercepts this communication and stores the details to gain access to user bank accounts.
“Zitmo is not new malware as such; but the new ways in which we are seeing cybercriminals use it underlines this
worrying trend of socially engineering security attacks to match evolving consumer habits,” said Michael McKinnon,
Security Advisor at AVG Technologies AU. “We always recommend consumers exercise care when sourcing and downloading apps
onto their smartphones, as unofficial third party sites are usually the best places for cybercriminals to seed
malware-ridden versions of popular apps. People get caught out because they cannot tell if they have the malware on
their phone, so it’s best to install mobile security software and keep it updated in order to have peace of mind when
using mobile banking and social networking services.”
Consumers using social networks are increasingly at risk as cybercriminals can now buy ready-made malware on
subscription. Social networkers were hit this quarter by an explosion of attacks using the notorious Blackhole Exploit
kit, the first ‘commercial’ malware. The attack left users unable to log-on to their accounts or access any games or
applications as cybercriminals coordinated the attacks from multiple external advertising servers, which generated an
exceptional increase from 250,000 attacks to over 1.6m recorded events within an eight hour period.
To download the full Q3 2012 Community Powered Threat Report, please visit: http://www.avg.co.nz/files/media/avg_threat_report_2012-q3.pdf <http://www.avg.co.nz/files/media/avg_threat_report_2012-q3.pdf>
Keep up to date with our regular threat bulletins on the AVG News & Threats <http://blogs.avg.com/news-threats/> blog.
About the report
The AVG Community Protection Network is an online neighbourhood watch, where community members work to protect each
other. Information about the latest threats is collected from customers who participate in the product improvement
program and shared with the community to make sure everyone receives the best possible protection.
The AVG Community Powered Threat Report is based on the Community Protection Network traffic and data collected from
participating AVG users over a three-month period, followed by analysis by AVG. It provides an overview of web, mobile
devices, spam risks and threats. All statistics referenced are obtained from the AVG Community Protection Network.
AVG has focused on building communities that help millions of online participants support each other on computer
security issues and actively contribute to AVG’s research efforts.
###
About AVG — www.avg.co.nz <http://www.avg.co.nz/?utm_source=avgt>
AVG Technologies’ mission is to simplify, optimise and secure the Internet experience, providing peace of mind to a
connected world. AVG’s powerful yet easy-to-use software and online services put users in control of their Internet
experience. By choosing AVG’s software and services, users become part of a trusted global community that benefits from
inherent network effects, mutual protection and support. AVG has grown its user base to 128 million active users as of
June 30, 2012 and offers a product portfolio that targets the consumer and small business markets and includes Internet
security, PC performance optimisation, online backup, mobile security and identity protection.