Hesperbot thwarts Android, Symbian, BlackBerry two factor auth

A banking trojan is targeting users across the Czech Republic, Turkey, Portugal and the Britain.

The infection campaign targeted computer and mobile devices with the "sophisticated” Hesperbot trojan malware.

ESET security evangelist Stephen Cobb said the malware was being "tested" with authors possibly turning focus to the US.

The trojan spreads via phishing emails masquerading as a tracking update from the Czech Postal Service.

Cobb said the malware was downloaded once the phishing site was opened.

The trojan modules captured banking information by way of web-injects, keyloggers and form-grabbers, Cobb said. Users were also prompted via the faux website to enter their mobile number.

Victims who entered their mobile number received an SMS text message containing an app that, when downloaded, infects mobiles and provides attackers a means of circumventing two-factor authentication required by many European banks.

Android, Symbian and BlackBerry devices have been targeted.

“We've not yet seen any attribution indicators at this point,” said Cobb. "But we're not looking to attribute right away – we're looking to see what the code does to make sure we can defend against it."

He added that researchers see Hesperbot as similar, yet more sophisticated, than similar trojans such as SpyEye and Zeus.

“The big picture to me is that this is proof that banking trojans have a lot of life left in them,” Cobb said. “This is a whole new banking trojan. While it's got a lot of features of the others, it's not reusing code. It's built from the ground up.”

He added that clicking links in emails is risky and advised users to visit websites via the web address bar in their web browsers. Make sure your anti-virus is active and up to date, too, he added.

This article originally appeared at scmagazineus.com