Jump in mobile app and banking scams

In August, GFI threat researchers identified a number of high-profile fake mobile application scams, along with a spike in email scams targeting UK banking and government organizations.

Cybercriminals were found to be operating several websites, masquerading as parts of the UK’s Directgov government information web site, in particular purporting to offer information and access to housing and other social services benefits. The sites were in fact harvesting sensitive personal and financial information from people looking to apply for government benefits.

Leading building society Nationwide was also in the crosshairs, with researchers spotting a new strain of phishing mails purporting to be from the UK’s biggest mutual lender.

The emails featured the return of the often-used “verify your online banking profile”, along with a second strain containing the false claim that a data inconsistency had been detected. In both cases, the subsequent links through to convincing copies of the Nationwide online banking site were intended to capture login details for Nationwide customer accounts.

Scammers continued to prey on users looking to download the official London 2012 Olympics game for the duration of the event, while mobile users also drew the attention of cybercriminals with the OpFake Trojan being distributed under the guise of the now defunct Adobe Mobile Flash Player.

In addition, some versions of the fake application were bundled with adware which rooted the device and downloaded a fake version of the real Flash Player application. The adware software then performed a number of malicious tasks including the theft of the user’s phonebook contacts for advertising purposes and the deployment of pop-ups on the user’s screen.

Other Android users encountered a number of fake mobile antivirus applications masquerading as mobile applications provided by legitimate antivirus companies. The fake applications contained a Boxer malware application which sends SMS messages to a premium number before redirecting the user to another site.

“The past month’s examples show that the world of smartphone applications has firmly become a battleground for scammers and malware writers, keen to take advantage of unsuspecting users,” said Christopher Boyd, senior threat researcher at GFI Software. “Avoiding mobile malware often requires the same preventative tactics associated with traditional malware such as verifying the legitimacy of any unsolicited emails or hyperlinks before installing an unknown application or submitting personal information. However, as we saw this month, the increased activity aimed at mobile devices doesn’t mean traditional attacks, such as desktop malware and email scams, have become any less of a threat.”

GFI Labs also conducted an investigation in August into the mobile applications released by both the Barack Obama and Mitt Romney US presidential campaigns in order to understand if user privacy was being compromised. The Obama and Romney smartphone applications were found to have a number of significant privacy issues that went unnoticed by users who did not read the terms of service agreements before using either application.

In order to use the Romney campaign’s app, users had to sign in through their Facebook account or to provide personally identifiable information such as their name, email and home address. Users who opted to sign in through Facebook gave the app permission to post on their profile page on their behalf and to collect even more data from their Facebook friends. The application was also found to collect other information such as the device ID, carrier and phone number as well as GPS and cell tower locations.