Published on January 18th, 2016 | by admin
Symantec: Android ransomware hijacking incoming calls
An update to The Android.Bankosy financial Trojan enables the malware to steal passwords from voice call-based two-factor authentication, according to new Symantec research.
Once installed, the malware opens a back door that enables unconditional call forwarding and silent mode on the device so the victim is not alerted during incoming calls. Once this is set, the attacker—who has already stolen the victim’s credentials (the first factor in two-factor authentication)—can steal authorisation tokens from voice calls and initiate a fraudulent financial transaction.
Symantec has verified the malware targets phone carriers in the Asia Pacific region. To protect against mobile threat like this one, Symantec recommends users:
- Keep software up to date
- Refrain from downloading apps from unfamiliar sites
- Only install apps from trusted sources
- Pay close attention to the permissions requested by an app
- Install a suitable mobile security app, such as Norton, in order to protect your device and data
- Make frequent backups of important data
You can read more about the Android.Bankosy update on Symantec’s blog