
Czech Banks are Under Attack, Clients Lose Money.


On September 24, 2018, clients of three major Czech banks were hit hard by mobile malware and had money stolen from their bank accounts. What happened with the QRecorder malware?


Published in: Economy & Finance

  1. What happened with the QRecorder malware? Czech Banks are Under Attack, Clients Lose Money. petr@wultra.com
  2. "Today, the mobile malware threat got very real."
  3. What happened?
     • Several clients of the Czech banks reported losing money from their bank accounts.
     • In total, "high tens of thousands" of US dollars were lost.
     • The users had their Android smartphones infected with mobile malware; Eset was the first to report it.
     • The police are currently investigating the incident.
  4. Which banks were affected? [Slide graphic with two columns: Affected / Not Known to be Affected]
  5. More info about the malware
     • QRecorder: a repackaged app for phone call recording.
     • Distributed via Google Play, which is a regular channel.
     • Activated via a remote update at the right moment. Internally, the "Spy.Banker.AIX" malware core was used.
     • Tailor-made for specific banks. It was able to bypass the additional security measures designed by the banks.
  6. What was the principle of this attack?
     • The attack was in principle a clever "overlay attack."
     • The malware placed an overlay over the regular banking app. It requested sensitive information from the user, pretending that the regular mobile app was requesting it.
     • After gathering a sufficient amount of private information, it intercepted the SMS OTP sent by the bank and took full control over the bank account.
  7. What can banks do?
     • Invest in App Shielding / RASP technologies to protect their mobile banking apps from overlay attacks and other sophisticated runtime attacks.
     • Be ready and respond fast in case a similar threat emerges again.
     • Educate customers, though it would not have helped in this case: the customers did everything right.
  8. What can app users do?
     • Install a mobile anti-virus solution.
     • Be alert to changes in the behavior of their mobile banking app.
     • Never enter credentials intended for Internet banking into the mobile banking app or any system other than Internet banking.
  9. Thank you. petr@wultra.com
  10. Resources
  11. Media Coverage (CZ)
     • https://www.lidovky.cz/byznys/firmy-a-trhy/princip-ktery-vyuziva-skodliva-aplikace-qrecorder-neni-zadnou-novinkou-rika-miroslav-dvorak-z-esetu.A180925_115417_firmy-trhy_pkk
     • https://www.eset.com/cz/o-nas/pro-novinare/tiskove-zpravy/eset-varuje-pred-nebezpecnou-aplikaci-qrecorder-cili-na-ceske-uzivatele-a-jejich-internetove-bankov/
     • http://www.blesk.cz/clanek/digital-mobily/566831/penize-desetitisicu-cechu-ohrozuje-nebezpecny-virus-na-pozoru-by-meli-byt-uzivatele-androidu.html
     • https://mobil.idnes.cz/nahravac-hovoru-qrecorder-muze-byt-zavirovany-fr0-/mob_tech.aspx?c=A180925_105023_mob_tech_jm
  12. Media Coverage (CZ)
     • https://www.chip.cz/novinky/pozor-na-aplikaci-qrecorder/
     • https://www.zive.cz/clanky/pozor-aplikace-qrecorder-pro-nahravani-hovoru-krade-hesla-k-bankovnictvi/sc-3-a-195222/default.aspx
     • https://www.novinky.cz/internet-a-pc/bezpecnost/484292-desitky-tisic-cechu-ohrozuje-nebezpecny-virus-napada-internetove-bankovnictvi.html
     • https://www.lupa.cz/aktuality/aplikace-qrecorder-z-google-play-je-nakazena-malwarem-cili-na-ceske-uzivatele/
     • https://ct24.ceskatelevize.cz/ekonomika/2604389-na-internetove-bankovnictvi-miri-utok-pres-aplikaci-qrecorder-ohrozeny-jsou-mobily
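
The two stages described in slide 6 (an overlay that harvests credentials, then interception of the SMS OTP) suggest a triage check for app reviewers: flag any app whose decoded manifest declares both overlay-capable and SMS-reading permissions. This is an added example, not part of the original slides; the permission mapping, package names and sample manifests are assumptions constructed for illustration and are not QRecorder's actual manifest.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
P = "android.permission."
# Assumed mapping of the two attack stages on slide 6 to Android permissions.
OVERLAY = {P + "SYSTEM_ALERT_WINDOW", P + "BIND_ACCESSIBILITY_SERVICE"}
SMS = {P + "RECEIVE_SMS", P + "READ_SMS"}

def declared_permissions(root):
    """Permissions requested by the app plus those guarding its services."""
    perms = set()
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        for el in root.iter(tag):
            perms.add(el.get(ANDROID_NS + "name", ""))
    # An accessibility service is declared as a <service> guarded by
    # BIND_ACCESSIBILITY_SERVICE rather than as a <uses-permission>.
    for svc in root.iter("service"):
        perms.add(svc.get(ANDROID_NS + "permission", ""))
    perms.discard("")
    return perms

def triage(manifest_xml):
    """Flag a decoded AndroidManifest.xml that combines overlay and SMS access."""
    root = ET.fromstring(manifest_xml)
    perms = declared_permissions(root)
    overlay, sms = sorted(perms & OVERLAY), sorted(perms & SMS)
    return {"package": root.get("package"), "overlay": overlay,
            "sms": sms, "flag": bool(overlay and sms)}

# Constructed sample manifests (not taken from any real app).
SUSPECT = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.callrecorder">
  <uses-permission android:name="android.permission.RECORD_AUDIO"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <application>
    <service android:name=".Helper"
        android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE"/>
  </application>
</manifest>"""
BENIGN = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.dictaphone">
  <uses-permission android:name="android.permission.RECORD_AUDIO"/>
  <application/>
</manifest>"""

if __name__ == "__main__":
    for sample in (SUSPECT, BENIGN):
        print(triage(sample))
```

A flag is a prompt for manual review, not a verdict: legitimate apps can hold either capability, and an app activated later by a remote update may not declare its intent up front.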
