Australia’s banks and some big businesses are under attack from targeted malware that is putting the financial information of millions of customers at risk.
The Australian Government has this afternoon issued a warning, saying the trojan is targeting Australian banking customers under the guise of a ‘security update’.
The malware causing all the trouble is the banking trojan Hesperbot, a virus which spreads through phishing emails, infecting mobile devices running Android, Symbian and BlackBerry.
The Federal Government initiative Stay Safe Online has today issued a high-priority alert on the threat.
Virus protection company ESET first detected Hesperbot in November last year and is now reporting a surge in the number of attacks on the customers of Australian banks and large enterprises.
It all sounds pretty scary, with the virus capable of logging keystrokes, taking screenshots, capturing video and setting up a remote proxy – all with the objective of obtaining bank account login details.
“Hesperbot malware is also capable of updating itself, downloading additional malicious modules from its command and control server (which controls the botnet) and sending any data it has stolen back to the controllers,” the Stay Safe Online notice said.
According to ESET’s research division, Australia is now ranked number three on the list of countries most infected by Hesperbot, with Turkey and the Czech Republic coming in first and second place.
“In Australia the malicious banking app component (or ‘security update’) is currently being presented as ‘NetCode Smartphone Security’. You might mistakenly download this after seeing a pop up notification, caused by the malware, advising that you need to install this ‘security update’ or ‘app’, in order to use your online banking,” Stay Safe Online said.
A NAB spokesperson said the bank is continuously tracking the evolution of advanced malware like Hesperbot to ensure customer safety.
ESET malware researcher Sieng Chye Oh said users won’t see system slowdowns or other visual giveaways.
“Victims may notice suspicious web forms on their online banking website (such as in the Hesperbot case, the instructions to install the mobile component), however, if the malware doesn’t use web-injection scripts, it won’t have such visual signs and can still intercept login credentials and other sensitive data,” he said.
“So I would advocate yes – use common sense so as to avoid social engineering techniques used by malware operators, but also use technical defences (such as keep all your software up-to-date and use an anti-virus) to avoid the ‘technical’ tricks they use.”