Posted on June 25 2014 07:08 PST
The CM Security Research Lab is closely monitoring the proliferation of malware which is infecting Korean Android users at a rapid rate. This malware infects users by typical trojan means, and once installed it replaces your banking apps with fake versions that are designed to steal your information.
It can pretend to be a popular game or tool on third party Android markets and fool the user into downloading it. There are dozens of Android markets in Korea.
After installation, the virus will scan your app list for the official apps of certain banks. If it detects one of these apps, the virus will tell you that your bank app needs to be updated. If you agree to the update, the official app (latter one) actually gets deleted and is replaced with a convincing copy(former one).
Once the fake app has been loaded, it will ask you to input your certification password (which it will then steal). This is a document used to indentify people for the purposes of online banking services, e-commerece, and other government related administrative purposes. It includes your personal information as well as banking information such as your ID and password. It gives a person wide access to banking and other important services. Once this password has been obtained, the malware asks you to enter your bank account number, passwords, and finally your bank security card number, which is issued to the user when they create an account. After all this information has been successfully entered, a pop-up window appears with the message "No Wi-Fi connection. Use 3G or try to connect to the W-Fi again." Closing the message automatically exits the app, and deletes the app icon from the homescreen. The virus has now stolen all the information it needs, and is in the process of removing all traces itself from the device.
With the information that they stole, the hackers can apply for a new certificate, which they then use to freely access the victim's bank account.In the last week, more than 3,000 users have been infected due to the malware posing as the following banks.
This virus is very stubborn and can be hard to remove, but CM security can help you complete the process with ease as follows.
We suggest you that you keep an antivirus app installed and updated at all times in order to protect yourself against threats such as these.Get CM Security FREE at Google Play.