
Friday, 11 April 2014

AWARENESS: ANDROID BOTNET TARGETS MIDDLE EAST BANKS

“Online banking has made most people’s lives easy due to the fact that banking can be done just about anywhere as long as you are connected to the internet. People make use of it for buying things online, paying bills and doing other transactions. Just like every story with two sides, this most exciting experience keeps on showing its dark side, simply because cybercriminals have extended their targets to it.” – Yusuph Kileo
“I recently encountered a botnet targeting Android smartphone users who bank at financial institutions in the Middle East. The crude yet remarkably effective mobile bot that powers this whole operation comes disguised as one of several online banking apps, has infected more than 2,700 phones, and has intercepted at least 28,000 text messages.” – Krebs


The botnet comes bundled with Android apps made to look like mobile two-factor authentication modules for various banks, including Riyad Bank, SAAB (formerly the Saudi British Bank), AlAhliOnline (National Commercial Bank), Al Rajhi Bank, and Arab National Bank.

PICTURE: Fake Android bank apps employed by the Sandroid botnet

It’s not clear how the apps are initially presented to victims, but if previous such scams are any indication they are likely offered after infecting the victim’s computer with a password-stealing banking Trojan. Many banks send customers text messages containing one-time codes that are used to supplement a username and password when the customer logs on to the bank’s Web site. And that precaution of course requires attackers interested in compromising those accounts to also hack the would-be victim’s phone.
Banking Trojans — particularly those targeting customers of financial institutions outside of the United States — will often throw up a browser pop-up box that mimics the bank and asks the user to download a “security application” on their mobile phones. Those apps are instead phony programs that merely intercept and then relay the victim’s incoming SMS messages to the botnet master, who can then use the code along with the victim’s banking username and password to log in as the victim.
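The capability such an app needs is visible in its manifest before it ever runs. The following is an added example, not code from the original post or from the malware: it audits an AndroidManifest.xml that has already been decoded to text XML (for example with apktool) and flags the combination of reading incoming SMS and sending data off the device. The page does not describe the malware's manifest, so the use of the standard Android SMS permissions is an assumption, and both sample manifests are constructed.

```python
import xml.etree.ElementTree as ET

A = "{http://schemas.android.com/apk/res/android}"  # namespace of android: attributes
SMS_ACTION = "android.provider.Telephony.SMS_RECEIVED"
READ_PERMS = {"android.permission.RECEIVE_SMS", "android.permission.READ_SMS"}
RELAY_PERMS = {"android.permission.SEND_SMS", "android.permission.INTERNET"}

def audit_manifest(xml_text):
    """Return a list of findings for a decoded AndroidManifest.xml."""
    root = ET.fromstring(xml_text)
    perms = {p.get(A + "name") for p in root.iter("uses-permission")}
    findings = []
    can_read, can_relay = perms & READ_PERMS, perms & RELAY_PERMS
    if can_read and can_relay:
        findings.append("can read incoming SMS and send data off the device: "
                        + ", ".join(sorted(can_read | can_relay)))
    for receiver in root.iter("receiver"):
        for flt in receiver.iter("intent-filter"):
            if SMS_ACTION not in {a.get(A + "name") for a in flt.iter("action")}:
                continue
            prio = flt.get(A + "priority", "0")
            note = "receiver %s listens for incoming SMS" % receiver.get(A + "name")
            if prio.lstrip("-").isdigit() and int(prio) > 0:
                note += " at elevated priority %s" % prio
            findings.append(note)
    return findings

# Constructed sample manifests (assumed for illustration, not from any real app).
FAKE_TOKEN_APP = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.banktoken">
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <application>
    <receiver android:name=".SmsHook">
      <intent-filter android:priority="999">
        <action android:name="android.provider.Telephony.SMS_RECEIVED"/>
      </intent-filter>
    </receiver>
  </application>
</manifest>"""

FLASHLIGHT_APP = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.flashlight">
  <uses-permission android:name="android.permission.CAMERA"/>
</manifest>"""

if __name__ == "__main__":
    for name, text in (("banktoken", FAKE_TOKEN_APP), ("flashlight", FLASHLIGHT_APP)):
        print(name, audit_manifest(text) or "no SMS-interception capability")
```

A finding is a reason to look closer, not proof of malice: legitimate messaging apps request the same permissions, so the signal is the mismatch between what the app claims to be and what it asks for.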


PICTURE: Some text messages intercepted by the Sandroid botnet malware.

This particular botnet appears to have been active for at least the past year, and the mobile malware associated with it has been documented by both Symantec and Trend Micro. The malware itself seems to be heavily detected by most of the antivirus products on the market, but then again it’s likely that few — if any — of these users are running antivirus applications on their mobile devices.
In addition, this fake bank campaign appears to have previously targeted Facebook, as well as banks in Australia and Spain, including Caixa Bank, Commonwealth Bank, National Australia Bank, and St. George Bank.

People often ask whether they should be using mobile antivirus products. From my perspective, most of these malicious apps don’t just install themselves; they require the user to participate in the fraud. Keeping your mobile device free of malware involves following some of the same steps outlined in my Tools for a Safer PC and 3 Rules primers: Chiefly, if you didn’t go looking for it, don’t install it! If you own an Android device and wish to install an application, do your homework before installing the program. That means spending a few moments to research the app in question, and not installing apps that are of dubious provenance.

That said, this malware appears to be well-detected by mobile antivirus solutions. Many antivirus firms offer free mobile versions of their products. Some are free, and others are free for the initial use — they will scan and remove malware for free but charge for yearly subscriptions. Some of the free offerings include AVG, Avast, Avira, Bitdefender and others.

Incidentally, the mobile phone number used to intercept all of the text messages is +79154369077, which traces back to a subscriber in Moscow on the Mobile Telesystems network.

I call upon Android users in Tanzania, and mostly those who use their phones to perform transactions, to be aware of this new cyber challenge, as it looks to be growing extremely fast. I have said it in most of my interviews with the media in Dar-es-Salaam regarding the security challenges we have on mobile phones, and I would like to repeat it on this matter, as we all need to develop the habit of making use of antivirus on our phones.

1 comment:

  1. UPDATES: "Today, criminals are assisted in the commission of their crimes by the mobile devices and applications they use. Application evidence is critical in any and all investigations. By allowing the user to pull this important and volatile data from any SQL database, AccessData’s MPE+ has given the upper hand to the law enforcement investigator. Using MPE+ SQL Builder, the relevant evidence can be extracted and a criminal’s intentions exposed. Staying ahead of the app, MPE+ is changing the way mobile forensics is done by introducing an entirely different approach to mobile device forensics." - Lee Reiber
