Menu
Android malware targets South Korean online banking customers

Android malware targets South Korean online banking customers

Thousands have been infected by malware masquerading as a legitimate banking application, Cheetah Mobile said

Thousands of Android users in South Korea have been infected by online banking malware that looks very similar to the legitimate banking application, according to Cheetah Mobile, a Chinese mobile security company.

Thousands of Android users in South Korea have been infected by online banking malware that looks very similar to the legitimate banking application, according to Cheetah Mobile, a Chinese mobile security company.

Malicious software that swaps itself for legitimate online banking applications is striking users in South Korea, with thousands of devices infected in the last week, according to a Chinese mobile security company.

Cheetah Mobile, formerly known as Kingsoft Internet Security Software, wrote that the banking malware masquerades as a popular game or tool on third-party Android application markets.

Google checks Android applications in its Play store for malicious behavior, but third-party marketplaces are often rife with malicious applications. Security experts advise caution when using such sources for applications.

If the malicious application is installed, it scans for the official applications of South Korean banks including Nong Hyup, Shinhan, Kookmin, Woori, Hana, Busan and the Korean Federation of Community Credit Cooperatives, Cheetah Mobile wrote.

The malware then displays an alert that states that the online banking application needs to be updated. If the update is approved by a user, the malware deletes the legitimate application and replaces it with a similar looking but malicious copy. More than 2,000 variations of the malware have been detected by Cheetah.

It then asks for the password for the user's security certificate, which is required by the South Korean government in order to access many online services in the country. It also requests a bank account number, passwords and another security number issued to users when they opened an account, Cheetah Mobile wrote.

The malware then falsely alleges there isn't a data connection. When that message is closed by a user, the malware deletes itself from the devices having already stolen all of the information it needs, Cheetah Mobile wrote. The attackers use the information to apply for a new security certificate in order to access the victim's account.

Cheetah Mobile, which makes several security software programs and utilities for Android devices, said it detected between 3,000 to 6,000 infections per day between June 17 and Tuesday.

"This virus is very stubborn and can be hard to remove," it said.

Send news tips and comments to jeremy_kirk@idg.com. Follow me on Twitter: @jeremy_kirk


Follow Us

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags fraudmalwaremobile securityCheetah Mobile

Events

Featured

Slideshows

Meet the Reseller News 30 Under 30 Tech Awards 2020 winners

Meet the Reseller News 30 Under 30 Tech Awards 2020 winners

This year’s Reseller News 30 Under 30 Tech Awards were held as an integral part of the first entirely virtual Emerging Leaders​ forum, an annual event dedicated to identifying, educating and showcasing the New Zealand technology market’s rising stars. The 30 Under 30 Tech Awards 2020 recognised the outstanding achievements and business excellence of 30 talented individuals​, across both young leaders and those just starting out. In this slideshow, Reseller News honours this year's winners and captures their thoughts about how their ideas of leadership have changed over time.​

Meet the Reseller News 30 Under 30 Tech Awards 2020 winners
Reseller News Exchange Auckland: Beyond the myths — how partners can master cloud security

Reseller News Exchange Auckland: Beyond the myths — how partners can master cloud security

This exclusive Reseller News Exchange event in Auckland explored the challenges facing the partner community on the cloud security frontier, as well as market trends, customer priorities and how the channel can capitalise on the opportunities available. In association with Arrow, Bitdefender, Exclusive Networks, Fortinet and Palo Alto Networks. Photos by Gino Demeer.

Reseller News Exchange Auckland: Beyond the myths — how partners can master cloud security
Reseller News welcomes industry figures at 2020 Hall of Fame lunch

Reseller News welcomes industry figures at 2020 Hall of Fame lunch

Reseller News welcomed 2019 inductees - Leanne Buer, Ross Jenkins and Terry Dunn - to the fourth running of the Reseller News Hall of Fame lunch, held at the French Cafe in Auckland. The inductees discussed the changing face of the IT channel ecosystem in New Zealand and what it means to be a Reseller News Hall of Fame inductee. Photos by Gino Demeer.

Reseller News welcomes industry figures at 2020 Hall of Fame lunch
Show Comments