A banking Trojan, known as 'Cerberus', is luring users and stealing their financial data on smartphones, prompting the Interpol to alert member countries. Based on inputs received from Interpol, the CBI on Tuesday issued an alert to all states, union territories and central agencies, warning them about 'Cerberus'.
CBI officials said this malicious software takes advantage of COVID-19 to impersonate and send SMS using the lure of the pandemic related content to make users download an embedded malicious link. This link deploys its malicious app usually spread via phishing campaigns to trick users into installing it on their smartphones.
This Trojan primarily focuses on stealing financial data such as credit card numbers, said the CBI alert. In addition, it can use overlay attacks to trick victims into providing personal information and can capture two-factor authentication details.
Dr Muktesh Chander , founder-director of the National Critical information Infrastructure Protection Centre (NCIIPC) said since the pandemic has broken out, there are many fake, fraudulent and malicious websites have come up which use the COVID vocabulary to attract internet users, who are searching information about the pandemic. Once the user clicks on these websites, a malicious spyware would be sent to the computer and the system would be compromised. Similar fraudulent apps have been created and a click on them can compromise the mobile data.
Dr Chander said cyber security agencies across the world are aware of this growing threat in the cyberspace which is why the Interpol is helping member countries to share concerns and warn citizens about the increasing cyber threats.
The NCIIPC is the national nodal agency to protect data in critical infrastructures like railways and airports.
Sources said the sudden rush to use the online booking platforms for railways and flights post pandemic lockdown is also providing an opportunity to the cyber criminals to hack into systems. The government agencies need to build safeguards and citizens need to be aware about identifying the right platforms so that they do not fall prey to cyber frauds, said an expert.
Dr Chander cited an example of how bulk messaging platforms are also being used to spread fake messages using government or health ministry logos, informing the user through a fake message that someone close to him has been tested positive. To find the COVID-19 positive person’s name, the user is then asked to click on a link provided in the SMS. Once the link is clicked, the phone is compromised and any financial or banking data on it is accessed by the cyber criminals. “ It is very difficult to find out whether the bulk SMS are fake or original. They carry the same logos and website names,” said Dr Chander.
Dr Chander said the trend of cyber criminals using current happenings around the world to build spywares and malwares that can catch attention easily is common. It could be Olympics when the sporting events are going on, and now it is COVID-19 that is catching the eye of cyber criminals.
Cyber expert and advocate Dr Prashant Mali said cyber threat has multiplied because of collective free time of various hacking gangs coupled with lethargic infosec teams or security vendors who are functioning with only 50 per cent of their working capacity. “This gets further complicated when organisations reduce their cybersecurity spending,” he said.
Mali said it is time that the government and public and private organisations focus on cyber security safeguards and inbuilt mechanisms to prepare for a future that will witness more threats from viruses in cyber space.