‘KorBanker’ steals SMS messages, takes authentication codes in the process

For a year, Android users have been the target of malware known as “KorBanker,” which now steals SMS messages, including sensitive information contained in texts, like verification codes and location data.

According to FireEye, which discovered KorBanker and tracked its evolution, the threat has primarily infected devices in Korea. In just under two months, attackers stole 10,000 SMS messages from 96 devices, the firm revealed in a Wednesday blog post.

In an interview with SCMagazine.com, FireEye malware researcher Hitesh Dharmdasani, the author of the post, said that the firm analyzed data exfiltrated over a 55-day period this spring.

More recently, a spike in KorBanker infections was seen starting Aug. 1 when more than 1,700 devices were impacted, he revealed via the blog.

In a chart, FireEye showed that attackers often intercepted texts containing location data – information gleaned when victims sent GPS information using Google Maps. Many of the stolen SMS messages, however, contained user authentication codes sent over text, including two-factor verification codes for Google and Facebook. Passwords for virtual private network (VPN) services were also purloined by attackers, FireEye found.

Read the Full Article: Source – SC Magazine
