The newest cyber attack is named after the Swiss cheese Emmental, because this is what the Android security system looks right now. Android hackers attacked the bank accounts of smartphone users in six countries by convincing them to install a rogue program on their devices. The emails they thought were sent by major retailers contained a malicious attachment. As in any other classical attack of the kind, if the users downloaded the attachment, a malicious software installed on their smartphones.
Google just launched a new security project called Project Zero. The company aims to fight cybercrime all over the internet, because a safe environment will render more clients for the pervasive Google services.
Trend Micro Inc. explains how the Android hackers attacked the banking system
The fraud was discovered by Trend Micro Inc., a security company. Tom Kellermann, Trend Micro Chief Cyber security Officer, stated the damages rise to a couple million dollars, as banks in Austria, Sweden, Switzerland and Japan suffered from the criminal attack. Allegedly, the authors of the attack are based in Romania and Russia, Reuters reports. Russian slang was found in the app code and some logs indicate Romanian origin. There are not enough hints to identify the original location of the attack.
Unfortunately, it is a sign that financial institutions must quickly adapt the login procedures to the mobile apps. Most financial institutions rely on a two stage authentication protocol. Due to the nature of the operation, banks ask for more than one password if you plan to perform mobile online transactions. The first password is the one you already chose, while the second is sent to your mobile device as a text message. The program unwarily installed by fraud victims managed to have access to their bank accounts by redirecting users to fake web pages.
Users thought they are opening emails from well-known retailers. The emails contained an attachment which seemed to be a receipt. Another step of the attack is the luring of users to download a security oriented app from Google Play Store. Through the respective app, hackers manage to get full control of the bank accounts.
After seeing how the Android hackers attacked the banking system, Trend Micro thinks it is time for a new approach in online banking security. One alternative would be a photo recognition system. A physical card reader is another option suggested by the online security company, but that does not seem feasible in a time when smartphone users want to use only one device. As in every similar attack, users must pay particular attention when they access web pages and download attachments.