Friday, June 1, 2018

CERT (Indian Computer Emergency Response Team) @ Spyware viruses — Virtual Girlfriend and Panda Banker





Two social media-triggered spyware viruses — ‘virtual girlfriend’ and ‘panda banker’ — have crept into Indian cyberspace and can steal a user’s banking details and secret data once activated unknowingly, a cyber security advisory has said.

‘Virtual girlfriend’

The more notorious one is the personal-data-stealing virus ‘virtual girlfriend’, which “infects” a user’s Android-based smartphone via the popular social media site Twitter.

“There have been reports of a new Android malware family which is being spread disguised as an adult game known as virtual girlfriend through Twitter,” the Computer Emergency Response Team of India (CERT-In) said in its latest advisory. “This malware has the capability to steal the user’s data on to the C2 server (command and control server used by the virus),” it said.

CERT-In is the nodal agency to combat hacking, phishing and to fortify security-related defences of the Indian internet domain. The advisory said the “primary source of this malware is Twitter” and there are multiple handles (possibly bots) on this micro-blogging site that “have been sharing” the short link to this malware to entice users into installing it on their devices.

“The short link leads to the website hxxp://miakhalifagame[.]com/,” it said.

The agency said the malware cons the user by flashing a message that it is getting un-installed but instead, it “hides” its icon from the app (application) drawer and continues to run silently in the background.

It then steals the Android phone user’s mobile number, account details, installed app list, contacts and SMSes, the advisory said.
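
To check whether any device on a network has contacted the site named in the advisory, the following added example (not part of the advisory or of the original post) refangs the indicator as printed above and matches it against web-proxy log lines. The log format (timestamp, client IP, URL) and the sample lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Indicator exactly as printed in the advisory text (kept defanged in source).
ADVISORY_IOC = "hxxp://miakhalifagame[.]com/"

def refang(indicator):
    """Undo common defanging: hxxp -> http, [.] or (.) or [dot] -> '.'."""
    s = re.sub(r"^hxxp", "http", indicator.strip(), flags=re.I)
    s = re.sub(r"\[\.\]|\(\.\)|\[dot\]", ".", s, flags=re.I)
    return s.replace("[:]", ":")

def ioc_host(indicator):
    """Hostname of a defanged URL indicator (urlsplit lower-cases it)."""
    return (urlsplit(refang(indicator)).hostname or "").rstrip(".")

def host_matches(host, bad):
    """True for the listed domain or a subdomain, not look-alike suffixes."""
    host = host.lower().rstrip(".")
    return host == bad or host.endswith("." + bad)

def find_hits(log_lines, indicator=ADVISORY_IOC):
    """Return (client, url) for each logged request to the indicator's host."""
    bad = ioc_host(indicator)
    hits = []
    for line in log_lines:
        fields = line.split()
        if len(fields) < 3:
            continue  # malformed line
        client, url = fields[1], fields[2]
        # CONNECT entries are often logged as host:port without a scheme.
        target = url if "://" in url else "//" + url
        try:
            host = urlsplit(target).hostname or ""
        except ValueError:
            continue  # unparsable URL field
        if host_matches(host, bad):
            hits.append((client, url))
    return hits

# Constructed sample log (assumed format: timestamp, client IP, URL).
IOC_HOST = ioc_host(ADVISORY_IOC)
SAMPLE_LOG = [
    f"2018-06-01T09:14:02 10.0.0.21 {refang(ADVISORY_IOC)}",
    f"2018-06-01T09:15:40 10.0.0.34 {IOC_HOST}:443",
    "2018-06-01T09:16:11 10.0.0.34 https://example.org/news",
    f"2018-06-01T09:17:55 10.0.0.8 http://not{IOC_HOST}/",  # look-alike, no hit
    f"2018-06-01T09:18:03 10.0.0.50 HTTP://CDN.{IOC_HOST.upper()}/a",
]
```

Calling `find_hits(SAMPLE_LOG)` returns the three client addresses that reached the listed host or a subdomain of it; the look-alike domain and the unrelated site are ignored.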

‘Panda banker’

Similarly, the other spyware that has been noticed on the Internet is the ‘panda banker’, a spin-off of the Zeus banking trojan malware (a prominent hacking virus).

“It leverages man-in-the-browser or web inject attack techniques to steal user’s banking credentials,” it said.

The malware, it said, generally spreads via unscrupulous attachments or via exploit kits (malicious snooping virus programmes) such as the “Angler”, “Nuclear” and “Neutrino” exploit kits.

CERT-In has advised users to follow safe browsing practices and to deploy certain countermeasures to thwart the two viruses.

“Don’t open attachments in unsolicited e-mails, even if they come from people in your contact list and never click on a URL (universal resource locator) contained in an unsolicited e-mail, even if the link seems benign.

“In cases of genuine URLs close out the e-mail and go to the organisation’s website directly through browser,” the cyber security watchdog said.


Regards

Mr. Pralhad Jadhav 
Master of Library & Information Science (NET Qualified) 
Senior Manager @ Knowledge Repository  
Khaitan & Co 
Twitter Handle | @Pralhad161978
Mobile @ 9665911593
