New malware stealing banking login information

[Dannydet]

BGR: Scary new Android malware is stealing bank logins in these 5 regions.
https://bgr.com/tech/android-malware-targets-banks-in-europe-5925687/

 

[Techemma]

Wow this is really Scary for android users. I'm in Georgia, and glad to be safe, although I use vpn for streaming, downloading, and making online transactions.

 

[Davdi]

I don't use my phone or tablet for banking.

 

[Hadron]

It does however require on social engineering to install it (i.e. tricking someone into downloading and installing an app from a dubious source). So the old mantra of think before you install still applies here.

 

[svim]

Reading through the posted article, it ranks as 90% click bait/10% substance to me. Scare mongering in the news media is unfortunately the new norm.

 

[puppykickr]

Should my phone be wearing a mask?
Maybe two masks?

{sorry, just couldn't resist}

 

[ocnbrze]

Reading through the posted article, it ranks as 90% click bait/10% substance to me. Scare mongering in the news media is unfortunately the new norm.

totally agree. though i think that it is worth mentioning that something like this exists......how many people will be affected by this attack? hard to say, but as long as you are using common sense you should be ok.

 

[Ritik Paul]

phishing attack -- send you an e-mail that looks like it came from the bank with a link to a login page that looks like the bank's but is controlled by the attacker. You try to log in, and now the attacker has your username/password.
1.Or they could get access to your e-mail account and do a password reset.
2.Or they could socially engineer access through the bank's support system.

 

[Hadron]

phishing attack -- send you an e-mail that looks like it came from the bank with a link to a login page that looks like the bank's but is controlled by the attacker. You try to log in, and now the attacker has your username/password.
1.Or they could get access to your e-mail account and do a password reset.
2.Or they could socially engineer access through the bank's support system.

None of these relate to Android malware though.

I don't see how accessing my email (if they got through the 2FA) would give them access to my bank - they won't find the details they need there. The others can be protected against if you are alert and educate yourself as to what scams are used. But honestly, anyone who doesn't know the rule "don't click on links in unsolicited emails" should not be banking online in the first place (you already know your bank's login, you should never need to follow a link. Frankly if the bank were serious about security they would never send you links).

 

[Davdi]

Just stop and think before you click that link.

And don't click it anyway!

 

[Dannydet]

@Davdi, your quote should be the motto regarding this issue!!!

 

[svim]

You really need to contact your bank and put a freeze on that payment, or even your card. If that payment never even became registered to your account than there likely isn't a problem, but you should talk to someone at your bank about what options you do have in this matter.
It might be embarrassing but you need to be up front with details. Identity theft and/or having your checking account drained is serious stuff.

 

[The_Chief]

Skunky business with skunky online sources = skunky stuff coming your way.

It's possible that the... whoever... who took your card information has no intention of charging your card. They likely don't know how much they could get out of you. What they probably do know, however, is how much your card information (CVV code and all) is worth on the black market. My guess is that's exactly where your card information went: to every crook willing to pay for it.

I strongly advise you call your bank, explain what you did, cancel the card immediately and learn your lesson.