Malware Camouflage: How Your Banking App Gets Hacked Without You Noticing?

Igor, Business analyst - September 9, 2015

Malware that exists today can be considered nothing less than an actual masterpiece. Decent malware, that is. With today’s efforts dedicated to the protection of valuable user data, especially something as tender and delicate as bank accounts, malware is pushed to its limits. It needs to be smart to survive and perform all the evil deeds it was tailored to do.

Watch out, because the minimal capabilities of up-to-date malware include detection-avoidance tricks such as:

  • Usage of anonymous routes;
  • Usage of encryption;
  • You would be surprised, but malware today uses steganography, meaning it conceals harmful elements inside your own trustworthy and reliable text, data, etc.

Neverquest, one of the latest pieces of malware that assaulted the financial industry and did a hell of a lot of damage, may be considered a great example. This little rascal hit 100+ of the world’s largest financial institutions in over 25 countries.

Your banking app’s security is flawless, or is it?

How does Neverquest work? It is installed straight onto end-user devices via custom, third-party installers and then does its best to get the credentials of people who were unlucky enough to accidentally let this piece of malware onto their machines. Neverquest is sophisticated enough that it knows how to use social media networks and email against the users who own these accounts.

The scary part is that when Neverquest gets its hands on actual credentials, the actors log into bank accounts directly via end-user devices. This approach makes it hard for financial institutions to spot unexpected or unusual behavior, because the login is not done from any bizarre location. In addition, transactions are manipulated from the customer’s system. This way numerous security technologies, techniques and methodologies are easily bypassed. Should I even mention antiviruses are helpless against Neverquest?

That’s not all, folks!

  • Modern malware that is designed to attack banking applications can go far beyond the capabilities of Neverquest. First of all, most of it is written using obfuscation techniques. This makes it hard for security engineers and researchers to fully understand the malware and the way it worked, even after it has been located, quarantined and studied. So, basically, it’s really hard to determine both how up-to-date malware works and how to defeat it.
  • Malware tends to heavily use encryption even in its own code, so detection becomes an actual pain in the neck. And, of course, all communications between the malware and the command/control infrastructure behind it are encrypted as well.
  • Information can even be hidden inside pictures. This is easily achieved via a combination of steganography and the TOR anonymity network. This means even a seemingly harmless download of a picture that requires no additional installation may be the cause of infection with serious malware.
  • Enormous spread. Viruses of Neverquest’s level have an enormous number of control centers, making it impossible to locate the source. 609 unique command centers were identified in our particular scenario, however they are merely the tip of the iceberg. How many remained unknown?

Where does all of this lead us? Security in today’s world is a vital, essential aspect of both development and QA and can only be trusted to professionals with both years of experience and deep knowledge in the field. They must do more than protect your app on your side. Professionals in security find ways to protect end-users, as they are the ones who need assistance in 9 cases out of 10.
