More than 3,000 South Koreans have been victims of malicious software posing as legitimate online banking applications just in the last week, claims a new security report from the Korean shores.
Cheetah Mobile, formerly Kingsoft Internet Security Software, has warned users in a blog post about the proliferation of banking malware masquerading as any popular game or app on dozens of third-party Android markets in Korea.
The malware applications on installation, scans for the official applications of certain Korean banks and reports an update required message. Considering it to be legitimate, when users try updating, the malware replaces the original app with a fake malicious version developed to steal sensitive information.
The fake version of the bank application requests users’ security certificate, bank account number, passwords and other sensitive information. Once the information is stolen, the malware pops-up an error message “No Wi-Fi connection. Use 3G or try to connect to the W-Fi again.” As the user closes the message, the malware deletes itself from the device and removes all trace of existence.
The list of Korean banks includes Nong Hyup, Busan, Kookmin, Shinhan, Hana, Woori and the Korean Federation of Community Credit Cooperatives. Cheetah Mobile reports the involved apps to be NH Smart Banking, Busan Bank BS personal smart bank, KB Kookmin bank star banking, Sinhan S Bank, Hana Bank smart phone banking, Woori Bank One Touch Alarm and KFCC bank smart banking.
According to the report, over 2,000 variations of the malware application have been detected so far. More than 3,000 to 6,000 infections have been detected in South Korea every day last week. Cheetah Mobile advice users to have an anti-virus software installed to prevent infections.