iBanking is nothing but a mobile banking Trojan app which impersonates itself as a so-called 'Security App' for Android devices and distributed through HTML injection attacks on banking sites, in order to deceive its victims.

Recently, its source code has been leaked online through an underground forum that gave the opportunities to a larger number of cyber criminals to launch attacks using this kind of ready-made mobile malware.

The malicious iBanking app installed on victims’ phone has capabilities to spy on user’s communications. The bot allows an attacker to spoof SMS, redirect calls to any pre-defined phone number, capture audio using the device's microphone and steal other confidential data like call history log and the phone book contacts.

According to new report from ESET security researchers, now this iBanking Trojan (Android/Spy.Agent.AF) is targeting Facebook users by tricking them to download a malware application.

The malware uses JavaScript web injection method to create a fake Facebook Verification page for Facebook users, as shown:

Injected fake verification page prompts users to enter their mobile number in order to verify the Facebook account authenticity, and then shows the following page if he indicates that his mobile is running Android.

Next fake page asks victim to download an Android app from the shown URL or using QR code method, if SMS somehow fails to reach the user’s phone. Once downloaded and installed, the malware connects to its command-and-control server that allows attackers to issue commands to each infected device.

Facebook also has two-factor authentication features for quite a long time, but this is the very first time when Facebook users are targeted by iBanking Trojan. The reason may be an increasing number of people using it.

Since many banking sites use two-factor authentication and transaction authorization systems in order to deal with the various threats, but in order to bypass two factor authentication, cyber criminals have started to create various mobile malware like iBanking to solve their purpose.

iBanking Trojan can be used in conjunction with any malware in order to inject code into a webpage and is generally used to redirect incoming SMS messages to bypass two-factor authentication.

It is always important to treat third-party apps with a healthy dose of suspicion and skepticism as cybercriminals are always out there to hijack your every device.

Don't just download any app from any source you happen to encounter and before installing a new app, just check out the reputation of both the app and the publisher. In order to prevent direct installations, go to your Android device’s Applications Settings menu and disable the “unknown sources” option for installing apps.

Stay Safe!

Germany has confirmed its biggest Data theft in the country's history with usernames and passwords of some 18 million email accounts stolen and compromised by hackers.

The Story broke by the German press, Der Spiegel on Thursday, when German Authorities revealed another mass hacking of private data belonged to German citizens and major Internet companies both in Germany and abroad.

16 MILLION AND NOW 18 MILLION

Authorities in the northwestern city of Verden unearthed a treasure of personal information, a list of about 18 million stolen email addresses and passwords, and seized it just after only two months from the previous major data breach, when researchers came across 16 million compromised email accountsof German users while conducting research on a botnet, a network of computers infected with malware. 

The accounts were compromised by hackers in the mid of January, and Der Spiegel suggests that the same group of hackers is responsible for both thefts and that they may be based in one of the Baltic countries.

MILLION ON SPAM .. SHOP... THEFT

According to Investigators, some of the accounts are used to send spam emails and some combinations of email and password are used for online shopping portals, as these mass of stolen personal information could also be used to obtain the financial details of users account. 

To help in securing the Internet users, German authorities warned to take additional security measures to prevent cyber criminals using their data while shopping online.

"It is suspected that these stolen records are being actively misused," said Lutz Gaebel, spokesman of the prosecutor's office in Verden.

SOURCE OF DATA

Till now, It has not been revealed by the investigators that how much they know about this massive data Breach and How the attackers get their evil hands on the personal data of over 18 million users. Lutz Gaebel declined to give more information due to the ongoing investigation.

It is estimated that at least three million of the accounts belonged to German citizens and some of the compromised email accounts have international domain extensions such as ‘.COM’. But in real, the number could be much larger than the visible one as the investigation is ongoing.

The German prosecutor investigating the latest major data theft informed the country's IT watchdog, Federal Office for Information Security (BSI), to introduce additional security measures to help the Internet users.