IBM security researchers reported that mobile banking trojans are targeting crypto-currencies to steal the victims’ funds.
Due to the massive jump in the crypto-currencies value during the past year, the malware attacks aiming to steal users’ coins have increased significantly.
Despite the fact that by now most of the malicious attacks involved PC malware, the latest incidents proved that mobile threats should certainly not be ignored.
A while ago, the IBM security experts noticed that the TrickBot Trojan was using web injections to steal the victims’ crypto-currencies by replacing legitimate addresses with those of the hackers.
According to the IBM researchers, mobile malware operates in a rather similar way, however, it is now using screen overlays to trick victims into sending funds to the hackers instead.
The IBM experts also claim that mobile malware targeting crypto-coins usually leverages malicious miners to collect coins, however, given the limited processing power a mobile device has, this practice is not that profitable.
Besides, it’s easier for users to spot a mining operation on their mobile device when they notice faster battery drain, low performance, and overheating.
“Crooks operating mobile banking Trojans don’t install miners on the device. Rather, they typically steal existing coins from unsuspecting owners using mobile malware that creates the same effect as webinjections: cybercriminals trick users with fake on-screen information, steal their access credentials and take over accounts to empty coins into their own wallets,” IBM states.
Among the mobile malware families which can detect the application opened on a mobile device are BankBot, ExoBot, Mazar, and Marcher.
Based on the launched application, these trojans are capable of displaying a hardcoded or dynamically fetched overlay and hiding the legitimate app screen behind a fake one.
Due to the above-mentioned, users reveal their credentials to the cybercriminals, who can abuse them to access the victim’s account.
In case a second-factor authorization is required, the malware can hijack it from the compromised device without the users’ knowledge.
According to the security experts, this method has been usually employed in attacks targeting bank accounts, but recently it has been adapted for stealing crypto-coins as well.
The researchers reported that BankBot and Marcher trojans have been already packed with the necessary functionality to overlay a fake screen once the victim opens relevant wallet applications.
According to IBM, the mobile malware targets various virtual currencies, such as Bitcoin, Bitcoin Cash, Ethereum, Litecoin, Monero, etc.
