Zeus, the Greek king of all Gods, the ruler of sky and weather, is targeting your phones. Internet banking via smartphones is a safe and convenient way to go about your business, but a certain virus from the Zeus Malware Family has found its way into your supposedly secure online account.
We kid you not, but allow us to explain.
On 25th September 2014, CyberSecurity Malaysia issued an alert to all Maybank2U and CIMB Clicks users on its Facebook page. It seems that a group of hackers is getting really creative and targeting Android users who access either Maybank2U or CIMB Clicks on their smartphones. According to The Star, at least eight people had lost more than RM59,000 this month to the scam.
But how is this possible?!
Wait, isn’t this a plot from NCIS or the Matrix or some other movie about hacking?
Unfortunately not. The CEO of CyberSecurity Malaysia issued a notification claiming that both of these websites are still safe, but he did urge users to be extra careful when they are logged in to any online banking page. So how does this sneaky malware get injected into smartphones?
CyberSecurity Malaysia has the answer:
1st step: The attacker will infect the victim’s computer with the mighty virus, Zeus. When you browse a legitimate online banking website a pop-up may appear. This prompts the victim to choose their mobile phone operating system; they will then be instructed to enter their phone number.
2nd step: The attacker will then send an SMS (there are reports that they use other messaging apps like WhatsApp as well) containing the download link to the malicious Zitmo malware. If the victim clicks on the link, the malware will then be installed on the smartphone.
3rd step: The attacker can then obtain the victim's login information and perform transactions using the stolen credentials - and yes, they can access the TAC numbers as well.
4th step: This may or may not be true, but we’re pretty sure that the attacker will then let out a cliché maniacal laugh because he or she has successfully stolen money from an unsuspecting victim.
According to the CyberSecurity website, this mobile malware has been around since 2010, but this is the first time that Malaysian online banking users have been targeted.
Tips to keep safe when banking online
To prevent this horrific sci-fi story from coming true, make sure that you install a good anti-virus on your computer or laptop and constantly scan the device for viruses or other malware. Also, stay alert and take precautions with these tips:
• For the time being, use only one computer or laptop to perform all of your online banking activities. The great Yoda would probably advise you to “get good anti-virus programme, you must”, so listen to him and protect your device now!
• When accessing online banking, make sure that there is NO pop-up window that requires you to input any personal information. If there is, log out and call the bank to make a report.
• Don’t leave your desktop or laptop without first logging out of your online banking account.
• Don’t take the phishing bait. Never, ever, respond to any e-mail or advertisements from so-called banks. Also, don’t click on any suspicious links that you’ve received via e-mail, SMS, or any other messaging apps. Curiosity is a great trait to have, but for now, let it stay on Mars.
• When downloading an app on your smartphone, verify the app’s author and permissions before you click “install”.
• Since a mobile website address sometimes appears differently from desktop browsers, make sure to verify it.
Stay safe, folks!