South Korean Bank Customers Targeted with Android Malware
Security researchers at mobile software company Cheetah Mobile have identified a piece of Android malware that’s designed to steal the personal and financial details of South Korean online banking customers.
According to the company, the malware is distributed on third party Android markets disguised as popular games or applications. Once it’s installed on a smartphone, the threat starts searching for the mobile applications provided by South Korean financial institutions like Kookmin, Nong Hyup, Shinhan, Hana N, Woori, Busan and the Korean Federation of Community Credit Cooperatives.
When one of these apps is detected, the malware removes it and replaces it with a rogue version developed by the malware authors. The fake application first asks victims to provide the password to their security certificates, which are used for online banking services, e-commerce and government-related administrative purposes, Cheetah Mobile explained in a blog post.
After it harvests the personal and banking information included in the certificate, the malicious app instructs victims to provide their bank account number, passwords, and the security card number issued by the bank when an account is created. Finally, victims are presented with an error message informing them that there’s no Internet connection, after which the malware removes all traces of itself from the infected device.
“With the information that they stole, the hackers can apply for a new certificate, which they then use to freely access the victim’s bank account,” Cheetah Mobile said.
In its blog post published on Wednesday, the company said it had identified over 3,000 infections in the last week. However, considering that there are around 30 million Android users in Korea, the company estimates that the infection rate is now over 100,000, Cheetah Mobile representatives told SecurityWeek.
Cheetah Mobile, which develops a mobile security application called CM Security, is a subsidiary of Kingsoft Corp. The company’s initial public offering in May raised roughly $168 million for the firm.
Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
More from Eduard Kovacs
- Ransomware Group Used MOVEit Exploit to Steal Data From Dozens of Organizations
- Cybersecurity M&A Roundup: 36 Deals Announced in May 2023
- In Other News: Government Use of Spyware, New Industrial Security Tools, Japan Router Hack
- Apple Denies Helping US Government Hack Russian iPhones
- Zero-Day in MOVEit File Transfer Software Exploited to Steal Data From Organizations
- Russia Blames US Intelligence for iOS Zero-Click Attacks
- Cisco Acquiring Armorblox for Predictive and Generative AI Technology
- Moxa Patches MXsecurity Vulnerabilities That Could Be Exploited in OT Attacks
Latest News
- Dozens of Malicious Extensions Found in Chrome Web Store
- What if the Current AI Hype Is a Dead End?
- Microsoft Makes SMB Signing Default Requirement in Windows 11 to Boost Security
- Zyxel Urges Customers to Patch Firewalls Against Exploited Vulnerabilities
- Gigabyte Rolls Out BIOS Updates to Remove Backdoor From Motherboards
- SBOMs – Software Supply Chain Security’s Future or Fantasy?
- Ransomware Group Used MOVEit Exploit to Steal Data From Dozens of Organizations
- Cybersecurity M&A Roundup: 36 Deals Announced in May 2023
