We never, instinctively think about the dangers of mobile banking because it is something many of us do everyday. Likewise, we don’t think about whom is going to hack our cars, we don’t worry about our breaks snapping, and we surely do not worry about our smart devices being hacked. Every year, hackers are finding ways to find simple vulnerabilities in the technology we use most, so that they can use it to their advantage, and commit fraudulent activities.
Recently, e-banking has become a hot topic for many cyber security journals. E-banking makes going to bank effortless, saves time, and is ideally economical for students and those on-the-go. Through mobile technology, hackers have been able to put together systems that monitor and record account information of the target. Although security agencies have found a means to develop patches for the hacks, many more threats are beginning to emerge with newer tactics.
According to an article from Computerworld called, New ‘Hesperbot’ bank Trojan targets mobile authentication systems, there is an old virus takes on a new form. It’s called Hesperbot, or formally, “Spy.Hesperbot (ComputerWorld, 2013)”, and it is designed to monitor and log information that an e-banker would input into a mobile device. Countries that have been affected by the virus include the following: United Kingdom, Turkey, the Czech Republic, and Portugal.
welivesecurity.com provides an in-depth analysis on how Hesperbot functions, and what it can do if someone contracts the virus. Like many viruses, this malware will generally disguise as something that needs to be downloaded onto someones computer. Typically, the virus is usually initiated by downloading whatever is packaged with the phishing email. The following is an illustration from Tuicool, about how the process would take place.
After that, what is the catch? Keylogging – this can be a main method of attack, as many viruses make it simple for hackers to monitor key strokes. An excerpt from welivesecurity, illustrates how the Hesperbot keylogger would function:
“The keylogger module intercepts key strokes by hooking the functions GetMessage and TranslateMessage in user32.dll. They are then written to a log file, along with the originating process module name and window title text. [Afterward], the log gets sent to the C&C server (welivesecurity, 2013).” Hesperbot has been sighted several times over the past few months, but should still be considered something malicious.
Dunn, John E.. “New ‘Hesperbot’ bank Trojan targets mobile authentication systems ( – Security ).” IDG News Service. N.p., 6 Sept. 2013. Web. 9 Sept. 2013. <http://news.idg.no/cw/art.cfm?id=82BDE0A0-A1EB-E1EC-46E90209BB8E95F2>.
Lipovsky, Robert. “Hesperbot – Technical analysis part 1/2.” We Live Security. N.p., 6 Sept. 2013. Web. 9 Sept. 2013. <http://www.welivesecurity.com/2013/09/06/hesperbot-technical-analysis-part-12/>.