Finding Banking Trojans in Eastern Asia – Report From CeCOS VII
Last April 23 – 25, I attended the seventh Counter eCrime Operations Summit (CeCOS VII) initiated by the Anti-Phishing Working Group (APWG). This year, the conference was held in Buenos Aires, Argentina. Security experts from Japan, Paraguay, Brazil, North America, Russia, and India flew to the South American city to discuss the developments in the cybercrime arena. Together with 8 other participants from Japan, I arrived in Buenos Aires after a 38-hour flight. However, the talks and the level of energy in the conference definitely made the whole trip worth it.
Overall, CeCOS featured 23 sessions divided into eight tracks, including two panel discussions. Aside from attending interesting talks, I also participated as a speaker at the event.
I was very much interested in attending two talks: the National Field Reports and Mobile Attack Sessions. The National Field report particularly intrigued me, as it argues that the threat landscape of a particular country is a reflection of what’s happening globally.
By now, it’s pretty much established that the mobile platform is the latest cybercrime battlefield, so I think it’s crucial to know what’s happening in the mobile threat front.
As I mentioned earlier, I also participated as a speaker. As the representative of the anti-phishing council of Japan (CAPJ), I gave the talk Finding the Banking Trojan in Eastern Asia.
Speaking at CeCOS VII
Japanese-language phishing emails were first spotted in 2004, and since then these emails have poured in and caused serious damage. As technology developed, these emails took more subtle forms, which made detection more difficult. In addition, instead of carrying direct links to phishing sites or a malicious attachment, the emails now contain links to compromised sites that eventually lead users to malicious sites hosting exploit kits.
As we all know, attackers are already expanding their threats to other platforms, particularly mobile. Thus, I presented my analysis of ANDROIDOS_CHEST, which targets Android OS and was reportedly found affecting South Korea. Users would receive text messages offering free coupons for either movie tickets, fast food, or coffee if the user downloaded an app, which was actually ANDROIDOS_CHEST.
The malware monitors and gathers text messages in order to defeat two-factor authentication done via text messaging. ANDROIDOS_CHEST then sends the gathered messages to the attacker.
The most important question though is, how can users protect themselves from the threats of phishing? The CAPJ has these tips:
- Keep your computer safe.
- Beware of suspicious emails.
- Access and bookmark legitimate URLs.
Another helpful piece of advice is to always keep your systems updated with the latest security patches. As banking Trojans are usually delivered through exploit kits (by way of phishing emails), users who stay patched are protected from exploits that target old vulnerabilities.
Trend Micro provides tools and technologies that help protect users against security breaches and data theft. Trend Micro DirectPass manages your passwords so that using and remembering unique passwords for multiple accounts is no longer difficult. Trend Micro Mobile Security protects against threats like ANDROIDOS_CHEST that are on mobile devices. The Smart Protection Network provides both email and web reputation, blocking these threats before they arrive on user systems.