Buguroo Warns About Threat of Android Banking Trojan in Brazil

0
43

Buguroo is calling attention to the threat of the BasBanke Trojan for Android devices in a new post on the company blog. Also known as Coybot, the BasBanke Trojan specifically targets Brazilian banking institutions, although it does have some similarities to the Pazera Trojan that goes after Windows devices in Latin America more broadly.

According to Buguroo, the BasBanke Trojan seems to spread through
fake Facebook posts and WhatsApp messages. Once it infects an Android device,
it will track the activity on that device and overlay a fake login page that is
designed to mimic the actual login page of an app like Google Play, tricking
the user into entering credentials that can be captured by the malware.

In many cases, the overlay will only appear when the user
tries to open the app, which makes the user think the activity is legitimate
and makes the gimmick even more effective. Coybot also uses Base64 encryption
to make the malware harder to detect.

The Trojan first appeared in 2018, and has only appeared
sporadically in the months since. However, it is not the only Trojan of its
kind, and highlights the fact that consumers are often not aware that a device
has been infected.

Buguroo notes that one-time SMS passwords sent via text
message can be easily intercepted and are therefore unreliable as a security
measure. The company presents behavioral biometrics as a potential solution to the
problem, arguing that continuous authentication during a banking session can
help stop cybercriminals that have managed to get their hands on someone’s
account and login information.

In that regard, the post is merely Buguroo’s latest security primer. The company has already detailed some of the strengths and weaknesses of various forms of two-factor authentication, and discussed countermeasures that can be taken to prevent first and second party fraud.

Buguroo also received $11 million in Series A funding in November.  

Source link

LEAVE A REPLY

Please enter your comment!
Please enter your name here