Devil targets banks in Google Play store

Malware tailored to steal SMS verification tokens from major Australian and kiwi banks is circulating on Google's App store from fraudulent developer accounts.

The bot could be purchased from underground websites and used to target the likes of the Commonwealth Bank, Westpac and NAB along with New Zealand organisations HSBC, Kiwibank and ANZ.

Perkele, meaning devil in Finnish, was used in tandem with PC web application malware, Krebsonsecurrity reported.

Attackers would serve victims a phishing site targeting a nominated bank which would direct them to download the booby-trapped mobile application masquerading as a security verification service.

The app would intercept SMS messages sent by banks to customers to confirm transactions, allowing the fraudsters to empty accounts.

To get the malicious apps on the Google Play store, Perkele's developer was offering to snap up verified accounts for $100 a pop, four times the retail cost.

Those accounts were previously verified by Google to be linked to legitimate applications and domains, allowing the attackers to post their wares to the store.

Attackers could spend $1000 to target a single bank and up to $15,000 to attack any of those supported.

Perkele was not as sophisticated as other bank-targeting malware, but illustrates the types of attacks banks face as more users transact using smartphones.

NAB's head of major crime incident resolution services Grant Baxter said it processes half a million account logins from mobile devices and serves some 10 million transactions each day.

Copyright © SC Magazine, Australia