Abhinav Singh


High-tech thieving


Cyber fraudsters using malware and public Wi-Fi system to target smartphones

Recently, theatre and film personality Prakash Belawadi lost Rs90,000 to cyber fraud. Belawadi's wife had some trouble updating the know-your-customer (KYC) form provided by her bank. One afternoon, she got a call from a person who said he was calling from the bank to help her fill in the form. However, to do that, he said, he would require the one-time password (OTP) sent to her phone. Without realising that she was falling prey to a cyber fraudster, Belawadi's wife disclosed the OTP.

The husband wondered why a bank employee would need the OTP. His suspicion was proved right when he got a transaction confirmation message for Rs90,000 on his phone. “Do not share your OTP with anyone. We lost Rs90,000 in a matter of seconds,” he says.

Also, be wary of using free Wi-Fi available in public places like malls. P. Raghavendra of Bengaluru has been using a smartphone for the past three years. He has had experiences in the past when strangers have tried to pair their device with his, through the free Wi-Fi network. “I have been pinged by many people when I have tried to connect to the network through my smartphone at many public places,” says Raghavendra, 50, a marketing consultant. “Once, a person tried to make me connect my device to his, but I realised that something was not right and backed out at the last moment. Once the connection is made, a person could hack your phone and access the data stored in it. It is really scary as one could lose critical information.”

With an increase in the number of smartphone users in the country, there has also been a rise in the number of cyber fraud cases. And in 2016, fraudsters are expected to use mobile malware to target banking applications and steal customers' OTPs. Expect a wave of mobile financial malware, such as SPITMO or SpyEye, that targets the Android platform and rooted devices. Once installed on a smartphone, SPITMO provides access to all SMS messages, which can be sent to a command centre without arousing any suspicion.

Russian cyber security company Kaspersky Lab, in its security bulletin for 2015, has reported that for the first time ever, mobile financial threats rank among the top 10 malicious programmes (Trojans) designed to steal money. As per the report, in 2015, two families of mobile banking Trojans, Faketoken and Marcher, appeared in the rankings of the top 10 financial malware families. The Marcher programmes steal payment details from Android devices. Those of the Faketoken family work in partnership with computer Trojans, forcing the user to install an application on his smartphone which is actually a Trojan that intercepts the one-time confirmation code (mTAN) or single-use password for online banking transactions.

“It goes without saying that the history of mobile banking Trojans is still being written. More and more new apps are constantly created, and a higher number of efficient techniques are being used by attackers to lure users into their trap,” says Altaf Halde, managing director-South Asia, Kaspersky Lab. “We have also observed a steady rise in the number of Android users being attacked by ransomware. One can thus hardly blame smartphone and tablet owners for being excessively cautious while using financial services. However, despite the growing number of threats for Android, users can safely make mobile payments by protecting their device with a reliable security solution and by considering revising their online habits.”

Of late, the number of apps being used has gone up significantly. However, most users download an app and grant it the permission to access different data points on their smartphone without realising the likely dangers involved. “Every application has a list of permissions it seeks on a device from a user. Most users do not care about the kind of information access they are giving to an app and grant the permission,” says Avinash Kadam, adviser, ISACA India, a cyber security initiative. “One has to be very careful and read the terms and conditions on the level of access one is giving to an app before using it.”


Connecting to a public Wi-Fi system makes smartphones more vulnerable. “By accessing the public Wi-Fi system, a user may be exposing his smartphone to unknown Bluetooth and smartphone devices,” says Amit Singh, country manager, Dell SonicWALL. “Also through many e-commerce apps, one could access a user's credit card information, which could then be compromised.”

As per the Dell Security Annual Threat Report 2015, more highly targeted smartphone malware will emerge in the coming months, targeting wearable devices via smartphones. Attacks on smartphones have been a security concern since mobile devices began to reach widespread adoption, says the report, but it wasn’t until 2014 that smartphone malware began to look and act like its desktop predecessors.

Recent times have seen a variety of Android attacks that mimic the functionalities of PC-based ransomware. Take, for instance, AndroidLocker, a malware that locks down users’ mobile devices and displays a fake warning from the FBI for viewing, storage, and/or dissemination of banned pornography. The ransom note demands that the user pay a “fine” within a certain time frame to avoid criminal charges. If the user pays, the phone is unlocked.

Another example is Simplelocker, which uses the same method as AndroidLocker, but it also has a feature to encrypt the files, including documents, images and videos, stored in the mobile device’s SD card. The Dell report warns that pairing of smartphones through Bluetooth or Wi-Fi networks would give hackers an easy attack vector, and these devices would become much more enticing as the market grows in the coming months. The next stage would be cyber attackers targeting smartphones through web pages or website links when a user clicks on them. “A hacker will be able to enter a phone through the links or attachments in case a phone user clicks on them or opens the attachment,” says Ajay Dubey, national manager-partners & alliances, Forcepoint. “Through these links the hacker would be able to access a person's phone remotely and have access to banking apps and other information related to the transactions he makes.”

The Week