informa
/
Attacks/Breaches
Quick Hits

Text Message Attack Steals Money From Bank Accounts

New mobile phone Trojan discovered by Kaspersky Lab is similar to a banking Trojan targeting PCs, but does its dirty work via text message
A new Trojan is spreading via SMS text messages that instruct victims to transfer money from their bank accounts to attackers' phony accounts, according to Kaspersky Lab.

The malware, which attacks Symbian mobile phones, is similar to a banking Trojan that targets PCs. So far, the Trojan is going after customers of an Indonesian mobile provider, according to Kaspersky. The Python script-based malware is a new variant of another mobile Trojan written by Russian attackers.

The Trojan exploits a feature offered by the Indonesian mobile provider in which users can send an SMS text message to another subscriber to transfer money into his or her account.

"Obviously, the authors of the Trojan want to make money," said Denis Maslennikov, senior malware analyst for Kaspersky. "It seems that the focus on financial fraud in the mobile malware industry will only get more pronounced over time. Until recently, many people thought that malicious programs that send SMS messages without the user's knowledge were a purely Russian phenomenon. Now we can see that the problem no longer affects only Russian users -- it's becoming an international issue."

Kaspersky has spotted multiple versions of the so-called Trojan-SMS.Python.Flocker, which transfers anywhere from around 45 cents to 90 cents from a single victim's account at a time to the attacker's account.

Have a comment on this story? Please click "Discuss" below. If you'd like to contact Dark Reading's editors directly, send us a message

Recommended Reading:
Editors' Choice
Kirsten Powell, Senior Manager for Security & Risk Management at Adobe
Joshua Goldfarb, Director of Product Management at F5