Hesperbot malware targets Australian banking customers with mobile app: SSO Alert Priority High
27 March 2014
Subscribers should be aware that Hesperbot, a type of malware (a Trojan), is being used to steal the banking details of Australians, following similar campaigns in 2013 that targeted banking and financial institutions in Turkey, the Czech Republic, Portugal and the UK.
Security vendor Eset suggests Australia is currently one of the top three countries targeted.
The malware has capabilities that include joining your computer to a botnet, logging keystrokes, capturing screenshots, capturing video, setting up a remote proxy, and attempting to lure Android, BlackBerry and Symbian device users into downloading a fake banking app designed to steal your banking credentials.
Hesperbot malware is also capable of updating itself, downloading additional malicious modules from its command and control server (which controls the botnet) and sending any data it has stolen back to the controllers.
In Australia the malicious banking app component (or ‘security update’) is currently being presented as ‘NetCode Smartphone Security’. You might mistakenly download this after seeing a pop-up notification, generated by the malware on your infected computer, advising that you need to install this ‘security update’ or ‘app’ in order to use your online banking.
Hesperbot is spread by phishing emails. Previous Hesperbot phishing campaigns have used fake postal tracking notification emails and invoices—both scammer favourites—to distribute the malware as an attachment.
What should you do?
Do not install this app or ‘security update’.
Make sure your genuine security software is up to date on your computer.
Only download security software from a reputable source that you know and trust.
Be suspicious of unsolicited emails. Do not open suspicious emails, or click their links or attachments. Simply delete the message.
Banks do not issue ‘security updates’ that need to be installed on your computer to use their online banking services.
Most banks will redirect you to the relevant mobile app store for any updates to their apps.
Only download security updates for your computer directly from the software manufacturer’s website or via your computer’s existing software update options.
Only download apps for your mobile devices from a reputable source, such as the device's app store or the software manufacturer’s website.
More information on avoiding scams and hoaxes and managing spam.
The information provided here is of a general nature. Everyone's circumstances are different. If you require specific advice you should contact your local technical support provider.
Thank you to those subscribers who have provided feedback to our Alerts and Newsletters. We are very interested in your feedback and where possible take on board your suggestions or requests.
This information has been prepared by Enex TestLab for the Department of Communications ('the Department'). It was accurate and up to date at the time of publishing.
This information is general information only and is intended for use by private individuals and small to medium sized businesses. If you are concerned about a specific cyber security issue you should seek professional advice.
The Commonwealth, Enex TestLab, and all other persons associated with this advisory accept no liability for any damage, loss or expense incurred as a result of the provision of this information, whether by way of negligence or otherwise.
Nothing in this information (including the listing of a person or organisation or links to other web sites) should be taken as an endorsement of a particular product or service.
Please note that third party views or recommendations included in this information do not reflect the views of the Commonwealth, or indicate its commitment to a particular course of action. The Commonwealth also cannot verify the accuracy of any third party material included in this information.