Cybercriminals are constantly looking for new ways to lure us into doing things that give them access to our online identity. The past month has been no different, with crooks targeting two popular applications in an attempt to target personal details: Facebook and Uber. While they are among the most trusted applications we use, when using them we need to be as vigilant as ever to the threat from potential scams.
Facebook Messenger malware
Imagine one of your friends has just sent you a Facebook message with a link to a YouTube video - pretty innocuous, right? But some security researchers, including David Jacoby from Kaspersky Lab and Frans Rosen from Detectify, noticed something far more sinister in one such link. It might not be from your friend after all - but a cybercriminal trying to infect your computer.
The cybercriminals behind the scam use social engineering to trick the victim into clicking on the link. The message contains the recipient's first name plus the word 'video', e.g. 'David Video', and then a bit.ly link.
The link points to Google Drive, where the victim sees what looks like a playable movie, with a picture of them in the background and what looks like a 'Play' button. If they try to play the video in the Chrome browser, they are redirected to what looks like a YouTube video and asked to install a Chrome extension - which is, in fact, the malware.
The malware waits for the victim to sign in to their Facebook account and steals their login credentials. It also captures information about their Facebook contacts and sends malicious links to their friends - and so the infection continues.
Anyone using a different extension is nagged into updating their Adobe Flash Player instead - but the file they download is adware - earning money for the cybercriminals through advertising.
It's always potentially dangerous to click on links. If you're in any doubt about a link, contact your friend and ask if they really sent it to you. And make sure you protect your devices using Internet security software.
Taxi and ride-sharing app users beware!
The mobile app market is growing, offering more and more services that store confidential financial data, including taxi services and ride-sharing apps that require us to enter bank card information. The fact that these apps are installed on millions of devices worldwide has made them attractive targets for cybercriminals.
Kaspersky Lab researchers have discovered a new modification of the well-known Android mobile banking Trojan Faketoken, which has been further developed to steal credentials from popular taxi applications.
From the malware icon, it seems that Faketoken infiltrates smartphones through bulk SMS messages with a prompt to download pictures. It then hides its shortcut icon and starts background monitoring of everything that happens on the device.
When the victim runs an app that the malware is able to simulate (a banking app, for example), it overlays this with its own fake window to steal the bank card details of the victim. The Trojan has an identical interface, with the same colour schemes and logos, which creates an instant and completely invisible overlay. So victims of the scam may not even realise that they've been infected.
The Trojan also steals all incoming SMS messages and sends them to the cybercriminals' Command-and-Control servers, allowing them to get access to the one-time passcodes sent by some banks to verify online banking transactions, or other messages sent by taxi and ride-sharing services. Faketoken can also monitor the victim's calls, record them, and transmit the data to the cybercriminals' servers.
So far, we've only seen this malware in Russia. But it never takes long for other cybercriminals to jump on a successful bandwagon, so it's likely that this method could be used in other countries.
To protect yourself against the Faketoken Trojan and other Android malware, avoid installing apps from unknown sources - and protect your device with a reliable security solution.