Pasado, Presente y Futuro de los Troyanos Bancarios en Android -...

Preview:

Click to see full reader

Citation preview

Pasado, Presente y Futuro de los Troyanos Bancarios en Android

Carlos Andrés Castillo Londoño Intel Security (McAfee)

carlos.castillo@intel.com

#WhoAmI

• Ingeniero de Sistemas Javeriano (2009)

• Certified Information Systems Security Professional

• Mobile Researcher en Intel Security (McAfee)

• Twitter: @carlosacastillo

• Blog corporativo: https://blogs.mcafee.com/author/carlos-castillo/

2

https://blogs.mcafee.com/author/carlos-castillo/
https://blogs.mcafee.com/author/carlos-castillo/
https://blogs.mcafee.com/author/carlos-castillo/
https://blogs.mcafee.com/author/carlos-castillo/

Agenda

1. Génesis – Zitmo/Spitmo – FakeToken

2. Evolución – Perkele – Wroba

3. Presente – GM Bot – SpyLocker

4. Conclusiones

3

Génesis: Smartphone Revolution

Fuente: https://en.wikipedia.org/wiki/Mobile_operating_system

4

https://en.wikipedia.org/wiki/Mobile_operating_system
https://en.wikipedia.org/wiki/Mobile_operating_system

Android Malware Revolution

Fuente: http://www.mcafee.com/us/resources/reports/rp-quarterly-threat-q4-2012.pdf

5

http://www.mcafee.com/us/resources/reports/rp-quarterly-threat-q4-2012.pdf
http://www.mcafee.com/us/resources/reports/rp-quarterly-threat-q4-2012.pdf
http://www.mcafee.com/us/resources/reports/rp-quarterly-threat-q4-2012.pdf
http://www.mcafee.com/us/resources/reports/rp-quarterly-threat-q4-2012.pdf
http://www.mcafee.com/us/resources/reports/rp-quarterly-threat-q4-2012.pdf
http://www.mcafee.com/us/resources/reports/rp-quarterly-threat-q4-2012.pdf
http://www.mcafee.com/us/resources/reports/rp-quarterly-threat-q4-2012.pdf
http://www.mcafee.com/us/resources/reports/rp-quarterly-threat-q4-2012.pdf
http://www.mcafee.com/us/resources/reports/rp-quarterly-threat-q4-2012.pdf
http://www.mcafee.com/us/resources/reports/rp-quarterly-threat-q4-2012.pdf

Android/FakeInstaller

• Pretende ser un instalador de aplicaciones o juegos • Envío de mensajes de texto (SMS) a números Premium • Polimorfismo desde el servidor:

Fuente: http://8dot8.org/2012/deck/8dot8_2012_pres_FR.pdf

6

http://8dot8.org/2012/deck/8dot8_2012_pres_FR.pdf
http://8dot8.org/2012/deck/8dot8_2012_pres_FR.pdf

Inicio de los Troyanos Bancarios en Android

• Componentes para móviles de familias de troyanos bancarios para PC. – Zitmo / Zeus-in-the-mobile (PC-Movil)

– Spitmo / Spyeye-in-the-mobile (PC-Movil)

• Aplicación Bancaria Falsa: – FakeToken

• Objetivos: – Obtener credenciales bancarias (phishing)

– Interceptar segundo factor de autenticación (OTP vía SMS)

7

Zitmo/Spitmo

1. Ejecuta archivo adjunto

2. Infecta Pc con Zeus o Spyeye

3. Accede al Banco

4. Intercepta primera clave

5. Envía primera clave

6. Sugiere software de seguridad falso

7. Instala el malware

11. Envía segunda clave e identificador

8. Ingresa identificador

9. Envía identificador

10. Realiza transacción

Zitmo – Zeus-in-the-mobile

Fuente: http://8dot8.org/2012/deck/8dot8_2012_pres_CCA.pdf

9

http://8dot8.org/2012/deck/8dot8_2012_pres_CCA.pdf
http://8dot8.org/2012/deck/8dot8_2012_pres_CCA.pdf

Spitmo - Spyeye-in-the-mobile

Fuente: http://8dot8.org/2012/deck/8dot8_2012_pres_CCA.pdf

10

http://8dot8.org/2012/deck/8dot8_2012_pres_CCA.pdf

Android/FakeToken

Fuente: http://8dot8.org/2012/deck/8dot8_2012_pres_CCA.pdf

11

http://8dot8.org/2012/deck/8dot8_2012_pres_CCA.pdf

Características Primeros Troyanos Bancarios en Android

Fuente: http://8dot8.org/2012/deck/8dot8_2012_pres_CCA.pdf

12

Característica Zitmo1 Zitmo 2 Spitmo Fake Token Zitmo 3

Envío de todos los mensajes X X X

Token enviado vía SMS X X X

Ataque solo en móvil X

URL codificada X

Protección de código X

Remotamente Desactivable X X

Archivo de Configuración X X

Remotamente Configurable X

Interfaz Grafica X X X X

Ocultación X X

Roba Lista de Contactos X

Remotamente Actualizable X

http://8dot8.org/2012/deck/8dot8_2012_pres_CCA.pdf

Edad Media: Smartphones del 2012 al 2015

Fuente: http://www.idc.com/prodserv/smartphone-os-market-share.jsp

13

http://www.idc.com/prodserv/smartphone-os-market-share.jsp
http://www.idc.com/prodserv/smartphone-os-market-share.jsp
http://www.idc.com/prodserv/smartphone-os-market-share.jsp
http://www.idc.com/prodserv/smartphone-os-market-share.jsp
http://www.idc.com/prodserv/smartphone-os-market-share.jsp
http://www.idc.com/prodserv/smartphone-os-market-share.jsp
http://www.idc.com/prodserv/smartphone-os-market-share.jsp
http://www.idc.com/prodserv/smartphone-os-market-share.jsp

Android Malware 2013 al 2015

Fuente: http://www.mcafee.com/us/resources/reports/rp-quarterly-threats-aug-2015.pdf

14

http://www.mcafee.com/us/resources/reports/rp-quarterly-threats-aug-2015.pdf
http://www.mcafee.com/us/resources/reports/rp-quarterly-threats-aug-2015.pdf
http://www.mcafee.com/us/resources/reports/rp-quarterly-threats-aug-2015.pdf
http://www.mcafee.com/us/resources/reports/rp-quarterly-threats-aug-2015.pdf
http://www.mcafee.com/us/resources/reports/rp-quarterly-threats-aug-2015.pdf
http://www.mcafee.com/us/resources/reports/rp-quarterly-threats-aug-2015.pdf
http://www.mcafee.com/us/resources/reports/rp-quarterly-threats-aug-2015.pdf
http://www.mcafee.com/us/resources/reports/rp-quarterly-threats-aug-2015.pdf
http://www.mcafee.com/us/resources/reports/rp-quarterly-threats-aug-2015.pdf
http://www.mcafee.com/us/resources/reports/rp-quarterly-threats-aug-2015.pdf

Android Bot “Perkele” a.k.a FakeSite

• Bot kit vendido en foros underground: – Solo una entidad financiera: $1,000 USD

– “Universal Kit”: $15,000 USD

• Dirigido a 66 entidades financieras en 11 países: – Europa: Francia, Alemania, Italia, España, Suiza

– Asia: India, Singapore, Turquía, Tailandia

– Oceanía: Australia, Nueva Zelanda

• Distribuido vía web-injects (e.g. Zitmo/Spitmo)

• Integrable con cualquier malware bancario

15

Android Bot “Perkele” a.k.a FakeSite

Fuente: https://blogs.mcafee.com/mcafee-labs/android-banking-trojans-target-italy-and-thailand/

16

https://blogs.mcafee.com/mcafee-labs/android-banking-trojans-target-italy-and-thailand/
https://blogs.mcafee.com/mcafee-labs/android-banking-trojans-target-italy-and-thailand/
https://blogs.mcafee.com/mcafee-labs/android-banking-trojans-target-italy-and-thailand/
https://blogs.mcafee.com/mcafee-labs/android-banking-trojans-target-italy-and-thailand/
https://blogs.mcafee.com/mcafee-labs/android-banking-trojans-target-italy-and-thailand/
https://blogs.mcafee.com/mcafee-labs/android-banking-trojans-target-italy-and-thailand/
https://blogs.mcafee.com/mcafee-labs/android-banking-trojans-target-italy-and-thailand/
https://blogs.mcafee.com/mcafee-labs/android-banking-trojans-target-italy-and-thailand/
https://blogs.mcafee.com/mcafee-labs/android-banking-trojans-target-italy-and-thailand/
https://blogs.mcafee.com/mcafee-labs/android-banking-trojans-target-italy-and-thailand/
https://blogs.mcafee.com/mcafee-labs/android-banking-trojans-target-italy-and-thailand/
https://blogs.mcafee.com/mcafee-labs/android-banking-trojans-target-italy-and-thailand/
https://blogs.mcafee.com/mcafee-labs/android-banking-trojans-target-italy-and-thailand/
https://blogs.mcafee.com/mcafee-labs/android-banking-trojans-target-italy-and-thailand/
https://blogs.mcafee.com/mcafee-labs/android-banking-trojans-target-italy-and-thailand/
https://blogs.mcafee.com/mcafee-labs/android-banking-trojans-target-italy-and-thailand/

Android Bot “Perkele” a.k.a FakeSite

Fuente: https://blogs.mcafee.com/mcafee-labs/android-banking-trojans-target-italy-and-thailand/

17

https://blogs.mcafee.com/mcafee-labs/android-banking-trojans-target-italy-and-thailand/
https://blogs.mcafee.com/mcafee-labs/android-banking-trojans-target-italy-and-thailand/
https://blogs.mcafee.com/mcafee-labs/android-banking-trojans-target-italy-and-thailand/
https://blogs.mcafee.com/mcafee-labs/android-banking-trojans-target-italy-and-thailand/
https://blogs.mcafee.com/mcafee-labs/android-banking-trojans-target-italy-and-thailand/
https://blogs.mcafee.com/mcafee-labs/android-banking-trojans-target-italy-and-thailand/
https://blogs.mcafee.com/mcafee-labs/android-banking-trojans-target-italy-and-thailand/
https://blogs.mcafee.com/mcafee-labs/android-banking-trojans-target-italy-and-thailand/
https://blogs.mcafee.com/mcafee-labs/android-banking-trojans-target-italy-and-thailand/
https://blogs.mcafee.com/mcafee-labs/android-banking-trojans-target-italy-and-thailand/
https://blogs.mcafee.com/mcafee-labs/android-banking-trojans-target-italy-and-thailand/
https://blogs.mcafee.com/mcafee-labs/android-banking-trojans-target-italy-and-thailand/
https://blogs.mcafee.com/mcafee-labs/android-banking-trojans-target-italy-and-thailand/
https://blogs.mcafee.com/mcafee-labs/android-banking-trojans-target-italy-and-thailand/
https://blogs.mcafee.com/mcafee-labs/android-banking-trojans-target-italy-and-thailand/

Android/Wroba

• Pretende ser Google Play app • Dirigido a usuarios bancarios en Corea del sur • Reemplaza aplicaciones bancarias con phishing apps:

– Instalación silenciosa (root) – Simulación de actualización (no root)

• Muestra texto para darle mas credibilidad a la nueva app: – Términos y condiciones – App certificada por Yessign (SK Cert)

• Robo de varios factores de autenticación: – Tarjeta de coordenadas – Certificado digital

18

Wroba – Términos y Condiciones

Fuente: https://blogs.mcafee.com/mcafee-labs/phishing-attack-replaces-android-banking-apps-with-malware/

19

https://blogs.mcafee.com/mcafee-labs/phishing-attack-replaces-android-banking-apps-with-malware/
https://blogs.mcafee.com/mcafee-labs/phishing-attack-replaces-android-banking-apps-with-malware/
https://blogs.mcafee.com/mcafee-labs/phishing-attack-replaces-android-banking-apps-with-malware/
https://blogs.mcafee.com/mcafee-labs/phishing-attack-replaces-android-banking-apps-with-malware/
https://blogs.mcafee.com/mcafee-labs/phishing-attack-replaces-android-banking-apps-with-malware/
https://blogs.mcafee.com/mcafee-labs/phishing-attack-replaces-android-banking-apps-with-malware/
https://blogs.mcafee.com/mcafee-labs/phishing-attack-replaces-android-banking-apps-with-malware/
https://blogs.mcafee.com/mcafee-labs/phishing-attack-replaces-android-banking-apps-with-malware/
https://blogs.mcafee.com/mcafee-labs/phishing-attack-replaces-android-banking-apps-with-malware/
https://blogs.mcafee.com/mcafee-labs/phishing-attack-replaces-android-banking-apps-with-malware/
https://blogs.mcafee.com/mcafee-labs/phishing-attack-replaces-android-banking-apps-with-malware/
https://blogs.mcafee.com/mcafee-labs/phishing-attack-replaces-android-banking-apps-with-malware/
https://blogs.mcafee.com/mcafee-labs/phishing-attack-replaces-android-banking-apps-with-malware/
https://blogs.mcafee.com/mcafee-labs/phishing-attack-replaces-android-banking-apps-with-malware/
https://blogs.mcafee.com/mcafee-labs/phishing-attack-replaces-android-banking-apps-with-malware/
https://blogs.mcafee.com/mcafee-labs/phishing-attack-replaces-android-banking-apps-with-malware/
https://blogs.mcafee.com/mcafee-labs/phishing-attack-replaces-android-banking-apps-with-malware/
https://blogs.mcafee.com/mcafee-labs/phishing-attack-replaces-android-banking-apps-with-malware/

Wroba - Robo Tarjeta de Coordenadas

Fuente: https://blogs.mcafee.com/mcafee-labs/phishing-attack-replaces-android-banking-apps-with-malware/

20

https://blogs.mcafee.com/mcafee-labs/phishing-attack-replaces-android-banking-apps-with-malware/
https://blogs.mcafee.com/mcafee-labs/phishing-attack-replaces-android-banking-apps-with-malware/
https://blogs.mcafee.com/mcafee-labs/phishing-attack-replaces-android-banking-apps-with-malware/
https://blogs.mcafee.com/mcafee-labs/phishing-attack-replaces-android-banking-apps-with-malware/
https://blogs.mcafee.com/mcafee-labs/phishing-attack-replaces-android-banking-apps-with-malware/
https://blogs.mcafee.com/mcafee-labs/phishing-attack-replaces-android-banking-apps-with-malware/
https://blogs.mcafee.com/mcafee-labs/phishing-attack-replaces-android-banking-apps-with-malware/
https://blogs.mcafee.com/mcafee-labs/phishing-attack-replaces-android-banking-apps-with-malware/
https://blogs.mcafee.com/mcafee-labs/phishing-attack-replaces-android-banking-apps-with-malware/
https://blogs.mcafee.com/mcafee-labs/phishing-attack-replaces-android-banking-apps-with-malware/
https://blogs.mcafee.com/mcafee-labs/phishing-attack-replaces-android-banking-apps-with-malware/
https://blogs.mcafee.com/mcafee-labs/phishing-attack-replaces-android-banking-apps-with-malware/
https://blogs.mcafee.com/mcafee-labs/phishing-attack-replaces-android-banking-apps-with-malware/
https://blogs.mcafee.com/mcafee-labs/phishing-attack-replaces-android-banking-apps-with-malware/
https://blogs.mcafee.com/mcafee-labs/phishing-attack-replaces-android-banking-apps-with-malware/
https://blogs.mcafee.com/mcafee-labs/phishing-attack-replaces-android-banking-apps-with-malware/
https://blogs.mcafee.com/mcafee-labs/phishing-attack-replaces-android-banking-apps-with-malware/
https://blogs.mcafee.com/mcafee-labs/phishing-attack-replaces-android-banking-apps-with-malware/

Wroba – Robo de Información Adicional

• Nombre • Numero de Seguridad Social • Numero de Teléfono Celular • Nombre de usuario / Contraseña • Numero de cuenta / Contraseña • Numero serial de tarjeta de seguridad

Fuente: https://blogs.mcafee.com/mcafee-labs/phishing-attack-replaces-android-banking-apps-with-malware/

21

https://blogs.mcafee.com/mcafee-labs/phishing-attack-replaces-android-banking-apps-with-malware/
https://blogs.mcafee.com/mcafee-labs/phishing-attack-replaces-android-banking-apps-with-malware/
https://blogs.mcafee.com/mcafee-labs/phishing-attack-replaces-android-banking-apps-with-malware/
https://blogs.mcafee.com/mcafee-labs/phishing-attack-replaces-android-banking-apps-with-malware/
https://blogs.mcafee.com/mcafee-labs/phishing-attack-replaces-android-banking-apps-with-malware/
https://blogs.mcafee.com/mcafee-labs/phishing-attack-replaces-android-banking-apps-with-malware/
https://blogs.mcafee.com/mcafee-labs/phishing-attack-replaces-android-banking-apps-with-malware/
https://blogs.mcafee.com/mcafee-labs/phishing-attack-replaces-android-banking-apps-with-malware/
https://blogs.mcafee.com/mcafee-labs/phishing-attack-replaces-android-banking-apps-with-malware/
https://blogs.mcafee.com/mcafee-labs/phishing-attack-replaces-android-banking-apps-with-malware/
https://blogs.mcafee.com/mcafee-labs/phishing-attack-replaces-android-banking-apps-with-malware/
https://blogs.mcafee.com/mcafee-labs/phishing-attack-replaces-android-banking-apps-with-malware/
https://blogs.mcafee.com/mcafee-labs/phishing-attack-replaces-android-banking-apps-with-malware/
https://blogs.mcafee.com/mcafee-labs/phishing-attack-replaces-android-banking-apps-with-malware/
https://blogs.mcafee.com/mcafee-labs/phishing-attack-replaces-android-banking-apps-with-malware/
https://blogs.mcafee.com/mcafee-labs/phishing-attack-replaces-android-banking-apps-with-malware/
https://blogs.mcafee.com/mcafee-labs/phishing-attack-replaces-android-banking-apps-with-malware/

Wroba – Actualización Falsa

Fuente: https://blogs.mcafee.com/mcafee-labs/phishing-attack-replaces-android-banking-apps-with-malware/

22

https://blogs.mcafee.com/mcafee-labs/phishing-attack-replaces-android-banking-apps-with-malware/
https://blogs.mcafee.com/mcafee-labs/phishing-attack-replaces-android-banking-apps-with-malware/
https://blogs.mcafee.com/mcafee-labs/phishing-attack-replaces-android-banking-apps-with-malware/
https://blogs.mcafee.com/mcafee-labs/phishing-attack-replaces-android-banking-apps-with-malware/
https://blogs.mcafee.com/mcafee-labs/phishing-attack-replaces-android-banking-apps-with-malware/
https://blogs.mcafee.com/mcafee-labs/phishing-attack-replaces-android-banking-apps-with-malware/
https://blogs.mcafee.com/mcafee-labs/phishing-attack-replaces-android-banking-apps-with-malware/
https://blogs.mcafee.com/mcafee-labs/phishing-attack-replaces-android-banking-apps-with-malware/
https://blogs.mcafee.com/mcafee-labs/phishing-attack-replaces-android-banking-apps-with-malware/
https://blogs.mcafee.com/mcafee-labs/phishing-attack-replaces-android-banking-apps-with-malware/
https://blogs.mcafee.com/mcafee-labs/phishing-attack-replaces-android-banking-apps-with-malware/
https://blogs.mcafee.com/mcafee-labs/phishing-attack-replaces-android-banking-apps-with-malware/
https://blogs.mcafee.com/mcafee-labs/phishing-attack-replaces-android-banking-apps-with-malware/
https://blogs.mcafee.com/mcafee-labs/phishing-attack-replaces-android-banking-apps-with-malware/
https://blogs.mcafee.com/mcafee-labs/phishing-attack-replaces-android-banking-apps-with-malware/
https://blogs.mcafee.com/mcafee-labs/phishing-attack-replaces-android-banking-apps-with-malware/
https://blogs.mcafee.com/mcafee-labs/phishing-attack-replaces-android-banking-apps-with-malware/
https://blogs.mcafee.com/mcafee-labs/phishing-attack-replaces-android-banking-apps-with-malware/

Presente: Smartphones Hoy

Fuente: http://www.gartner.com/newsroom/id/3323017

23

http://www.gartner.com/newsroom/id/3323017
http://www.gartner.com/newsroom/id/3323017

Android Malware Hoy

Fuente: http://www.mcafee.com/us/resources/reports/rp-quarterly-threats-mar-2016.pdf

24

http://www.mcafee.com/us/resources/reports/rp-quarterly-threats-mar-2016.pdf
http://www.mcafee.com/us/resources/reports/rp-quarterly-threats-mar-2016.pdf
http://www.mcafee.com/us/resources/reports/rp-quarterly-threats-mar-2016.pdf
http://www.mcafee.com/us/resources/reports/rp-quarterly-threats-mar-2016.pdf
http://www.mcafee.com/us/resources/reports/rp-quarterly-threats-mar-2016.pdf
http://www.mcafee.com/us/resources/reports/rp-quarterly-threats-mar-2016.pdf
http://www.mcafee.com/us/resources/reports/rp-quarterly-threats-mar-2016.pdf
http://www.mcafee.com/us/resources/reports/rp-quarterly-threats-mar-2016.pdf
http://www.mcafee.com/us/resources/reports/rp-quarterly-threats-mar-2016.pdf
http://www.mcafee.com/us/resources/reports/rp-quarterly-threats-mar-2016.pdf

GM Bot

• Descubierto a finales de 2014 en foros underground rusos

• Código fuente filtrado en Diciembre de 2015 – Incluye panel de control y tutorial de instalación

– Comparable en magnitud al filtrado de código fuente de Zeus, SpyEye y Carbep

– Filtrado para mejorar credibilidad en foros underground

• Características de GM Bot: – Superposición de interfaces de phishing

– Interceptación y robo de mensajes de texto (OTP)

– Funcionalidad espía y ejecución remota de comandos Fuente: https://securityintelligence.com/android-malware-about-to-get-worse-gm-bot-source-code-leaked/

25

https://securityintelligence.com/android-malware-about-to-get-worse-gm-bot-source-code-leaked/
https://securityintelligence.com/android-malware-about-to-get-worse-gm-bot-source-code-leaked/
https://securityintelligence.com/android-malware-about-to-get-worse-gm-bot-source-code-leaked/
https://securityintelligence.com/android-malware-about-to-get-worse-gm-bot-source-code-leaked/
https://securityintelligence.com/android-malware-about-to-get-worse-gm-bot-source-code-leaked/
https://securityintelligence.com/android-malware-about-to-get-worse-gm-bot-source-code-leaked/
https://securityintelligence.com/android-malware-about-to-get-worse-gm-bot-source-code-leaked/
https://securityintelligence.com/android-malware-about-to-get-worse-gm-bot-source-code-leaked/
https://securityintelligence.com/android-malware-about-to-get-worse-gm-bot-source-code-leaked/
https://securityintelligence.com/android-malware-about-to-get-worse-gm-bot-source-code-leaked/
https://securityintelligence.com/android-malware-about-to-get-worse-gm-bot-source-code-leaked/
https://securityintelligence.com/android-malware-about-to-get-worse-gm-bot-source-code-leaked/
https://securityintelligence.com/android-malware-about-to-get-worse-gm-bot-source-code-leaked/
https://securityintelligence.com/android-malware-about-to-get-worse-gm-bot-source-code-leaked/
https://securityintelligence.com/android-malware-about-to-get-worse-gm-bot-source-code-leaked/
https://securityintelligence.com/android-malware-about-to-get-worse-gm-bot-source-code-leaked/
https://securityintelligence.com/android-malware-about-to-get-worse-gm-bot-source-code-leaked/
https://securityintelligence.com/android-malware-about-to-get-worse-gm-bot-source-code-leaked/
https://securityintelligence.com/android-malware-about-to-get-worse-gm-bot-source-code-leaked/
https://securityintelligence.com/android-malware-about-to-get-worse-gm-bot-source-code-leaked/
https://securityintelligence.com/android-malware-about-to-get-worse-gm-bot-source-code-leaked/
https://securityintelligence.com/android-malware-about-to-get-worse-gm-bot-source-code-leaked/

GM Bot – Phishing Overlay

Fuente: http://www.cert.pl/news/10648/langswitch_lang/en

26

http://www.cert.pl/news/10648/langswitch_lang/en
http://www.cert.pl/news/10648/langswitch_lang/en

GM Bot - Comandos

• #listen_sms_start y #listen_sms_stop • #intercept_sms_start y #intercept_sms_stop • #forward_calls y #disable_forward_calls • #forwardstart y #forwardstop • #lock y #unlock • #block_numbers, #unblock_numbers y #unblock_all_numbers • #check_gps • #grab_apps • #wipe_data

Fuente: https://securityintelligence.com/android-malware-about-to-get-worse-gm-bot-source-code-leaked/

27

https://securityintelligence.com/android-malware-about-to-get-worse-gm-bot-source-code-leaked/
https://securityintelligence.com/android-malware-about-to-get-worse-gm-bot-source-code-leaked/
https://securityintelligence.com/android-malware-about-to-get-worse-gm-bot-source-code-leaked/
https://securityintelligence.com/android-malware-about-to-get-worse-gm-bot-source-code-leaked/
https://securityintelligence.com/android-malware-about-to-get-worse-gm-bot-source-code-leaked/
https://securityintelligence.com/android-malware-about-to-get-worse-gm-bot-source-code-leaked/
https://securityintelligence.com/android-malware-about-to-get-worse-gm-bot-source-code-leaked/
https://securityintelligence.com/android-malware-about-to-get-worse-gm-bot-source-code-leaked/
https://securityintelligence.com/android-malware-about-to-get-worse-gm-bot-source-code-leaked/
https://securityintelligence.com/android-malware-about-to-get-worse-gm-bot-source-code-leaked/
https://securityintelligence.com/android-malware-about-to-get-worse-gm-bot-source-code-leaked/
https://securityintelligence.com/android-malware-about-to-get-worse-gm-bot-source-code-leaked/
https://securityintelligence.com/android-malware-about-to-get-worse-gm-bot-source-code-leaked/
https://securityintelligence.com/android-malware-about-to-get-worse-gm-bot-source-code-leaked/
https://securityintelligence.com/android-malware-about-to-get-worse-gm-bot-source-code-leaked/
https://securityintelligence.com/android-malware-about-to-get-worse-gm-bot-source-code-leaked/
https://securityintelligence.com/android-malware-about-to-get-worse-gm-bot-source-code-leaked/
https://securityintelligence.com/android-malware-about-to-get-worse-gm-bot-source-code-leaked/
https://securityintelligence.com/android-malware-about-to-get-worse-gm-bot-source-code-leaked/
https://securityintelligence.com/android-malware-about-to-get-worse-gm-bot-source-code-leaked/
https://securityintelligence.com/android-malware-about-to-get-worse-gm-bot-source-code-leaked/

GM Bot – Overlay Personalizable

Fuente: https://securityintelligence.com/android-malware-about-to-get-worse-gm-bot-source-code-leaked/

28

https://securityintelligence.com/android-malware-about-to-get-worse-gm-bot-source-code-leaked/
https://securityintelligence.com/android-malware-about-to-get-worse-gm-bot-source-code-leaked/
https://securityintelligence.com/android-malware-about-to-get-worse-gm-bot-source-code-leaked/
https://securityintelligence.com/android-malware-about-to-get-worse-gm-bot-source-code-leaked/
https://securityintelligence.com/android-malware-about-to-get-worse-gm-bot-source-code-leaked/
https://securityintelligence.com/android-malware-about-to-get-worse-gm-bot-source-code-leaked/
https://securityintelligence.com/android-malware-about-to-get-worse-gm-bot-source-code-leaked/
https://securityintelligence.com/android-malware-about-to-get-worse-gm-bot-source-code-leaked/
https://securityintelligence.com/android-malware-about-to-get-worse-gm-bot-source-code-leaked/
https://securityintelligence.com/android-malware-about-to-get-worse-gm-bot-source-code-leaked/
https://securityintelligence.com/android-malware-about-to-get-worse-gm-bot-source-code-leaked/
https://securityintelligence.com/android-malware-about-to-get-worse-gm-bot-source-code-leaked/
https://securityintelligence.com/android-malware-about-to-get-worse-gm-bot-source-code-leaked/
https://securityintelligence.com/android-malware-about-to-get-worse-gm-bot-source-code-leaked/
https://securityintelligence.com/android-malware-about-to-get-worse-gm-bot-source-code-leaked/
https://securityintelligence.com/android-malware-about-to-get-worse-gm-bot-source-code-leaked/
https://securityintelligence.com/android-malware-about-to-get-worse-gm-bot-source-code-leaked/
https://securityintelligence.com/android-malware-about-to-get-worse-gm-bot-source-code-leaked/
https://securityintelligence.com/android-malware-about-to-get-worse-gm-bot-source-code-leaked/
https://securityintelligence.com/android-malware-about-to-get-worse-gm-bot-source-code-leaked/
https://securityintelligence.com/android-malware-about-to-get-worse-gm-bot-source-code-leaked/

GM Bot en Google Play

Descubierto en Mayo 16, 2016 por Lookout:

Fuente: https://blog.lookout.com/blog/2016/05/16/acecard-banking-trojan/

29

https://blog.lookout.com/blog/2016/05/16/acecard-banking-trojan/
https://blog.lookout.com/blog/2016/05/16/acecard-banking-trojan/
https://blog.lookout.com/blog/2016/05/16/acecard-banking-trojan/
https://blog.lookout.com/blog/2016/05/16/acecard-banking-trojan/
https://blog.lookout.com/blog/2016/05/16/acecard-banking-trojan/
https://blog.lookout.com/blog/2016/05/16/acecard-banking-trojan/

GM Bot en Google Play

• Descarga e instala una variante de GM Bot (Acecard) • Además de bancos, afecta aplicaciones sociales como Skype y Facebook

Fuente: https://blog.lookout.com/blog/2016/05/16/acecard-banking-trojan/

30

https://blog.lookout.com/blog/2016/05/16/acecard-banking-trojan/
https://blog.lookout.com/blog/2016/05/16/acecard-banking-trojan/
https://blog.lookout.com/blog/2016/05/16/acecard-banking-trojan/
https://blog.lookout.com/blog/2016/05/16/acecard-banking-trojan/
https://blog.lookout.com/blog/2016/05/16/acecard-banking-trojan/

Phishing Apps en Google Play

11 aplicaciones en Google Play descubiertas este año

Fuente: https://info.phishlabs.com/blog/fraudster-phishing-users-with-malicious-mobile-apps

31

https://info.phishlabs.com/blog/fraudster-phishing-users-with-malicious-mobile-apps
https://info.phishlabs.com/blog/fraudster-phishing-users-with-malicious-mobile-apps
https://info.phishlabs.com/blog/fraudster-phishing-users-with-malicious-mobile-apps
https://info.phishlabs.com/blog/fraudster-phishing-users-with-malicious-mobile-apps
https://info.phishlabs.com/blog/fraudster-phishing-users-with-malicious-mobile-apps
https://info.phishlabs.com/blog/fraudster-phishing-users-with-malicious-mobile-apps
https://info.phishlabs.com/blog/fraudster-phishing-users-with-malicious-mobile-apps
https://info.phishlabs.com/blog/fraudster-phishing-users-with-malicious-mobile-apps
https://info.phishlabs.com/blog/fraudster-phishing-users-with-malicious-mobile-apps
https://info.phishlabs.com/blog/fraudster-phishing-users-with-malicious-mobile-apps
https://info.phishlabs.com/blog/fraudster-phishing-users-with-malicious-mobile-apps
https://info.phishlabs.com/blog/fraudster-phishing-users-with-malicious-mobile-apps
https://info.phishlabs.com/blog/fraudster-phishing-users-with-malicious-mobile-apps
https://info.phishlabs.com/blog/fraudster-phishing-users-with-malicious-mobile-apps

Phishing Apps en Google Play

Fuente: https://info.phishlabs.com/blog/fraudster-phishing-users-with-malicious-mobile-apps

32

https://info.phishlabs.com/blog/fraudster-phishing-users-with-malicious-mobile-apps
https://info.phishlabs.com/blog/fraudster-phishing-users-with-malicious-mobile-apps
https://info.phishlabs.com/blog/fraudster-phishing-users-with-malicious-mobile-apps
https://info.phishlabs.com/blog/fraudster-phishing-users-with-malicious-mobile-apps
https://info.phishlabs.com/blog/fraudster-phishing-users-with-malicious-mobile-apps
https://info.phishlabs.com/blog/fraudster-phishing-users-with-malicious-mobile-apps
https://info.phishlabs.com/blog/fraudster-phishing-users-with-malicious-mobile-apps
https://info.phishlabs.com/blog/fraudster-phishing-users-with-malicious-mobile-apps
https://info.phishlabs.com/blog/fraudster-phishing-users-with-malicious-mobile-apps
https://info.phishlabs.com/blog/fraudster-phishing-users-with-malicious-mobile-apps
https://info.phishlabs.com/blog/fraudster-phishing-users-with-malicious-mobile-apps
https://info.phishlabs.com/blog/fraudster-phishing-users-with-malicious-mobile-apps
https://info.phishlabs.com/blog/fraudster-phishing-users-with-malicious-mobile-apps

Android/SpyLocker

• Descubierto en diciembre del 2015

• Pretende ser flash player o aplicaciones porno

• Distribución: Blogs hackeados (WordPress, Joomla)

• Superposición de interfaces de phishing (similar a GM Bot)

• Afecta entidades financieras en Australia, Nueva Zelanda, Turquía, Polonia, Francia, Reino Unido y Escocia.

• Bloquea el dispositivo si: – Datos ingresados no son correctos

– Usuario intenta deshabilitar Device Administrator

33

Android/SpyLocker - Distribución

Fuente: https://blogs.mcafee.com/mcafee-labs/android-banking-trojan-spylocker-targets-more-banks-in-europe/

34

https://blogs.mcafee.com/mcafee-labs/android-banking-trojan-spylocker-targets-more-banks-in-europe/
https://blogs.mcafee.com/mcafee-labs/android-banking-trojan-spylocker-targets-more-banks-in-europe/
https://blogs.mcafee.com/mcafee-labs/android-banking-trojan-spylocker-targets-more-banks-in-europe/
https://blogs.mcafee.com/mcafee-labs/android-banking-trojan-spylocker-targets-more-banks-in-europe/
https://blogs.mcafee.com/mcafee-labs/android-banking-trojan-spylocker-targets-more-banks-in-europe/
https://blogs.mcafee.com/mcafee-labs/android-banking-trojan-spylocker-targets-more-banks-in-europe/
https://blogs.mcafee.com/mcafee-labs/android-banking-trojan-spylocker-targets-more-banks-in-europe/
https://blogs.mcafee.com/mcafee-labs/android-banking-trojan-spylocker-targets-more-banks-in-europe/
https://blogs.mcafee.com/mcafee-labs/android-banking-trojan-spylocker-targets-more-banks-in-europe/
https://blogs.mcafee.com/mcafee-labs/android-banking-trojan-spylocker-targets-more-banks-in-europe/
https://blogs.mcafee.com/mcafee-labs/android-banking-trojan-spylocker-targets-more-banks-in-europe/
https://blogs.mcafee.com/mcafee-labs/android-banking-trojan-spylocker-targets-more-banks-in-europe/
https://blogs.mcafee.com/mcafee-labs/android-banking-trojan-spylocker-targets-more-banks-in-europe/
https://blogs.mcafee.com/mcafee-labs/android-banking-trojan-spylocker-targets-more-banks-in-europe/
https://blogs.mcafee.com/mcafee-labs/android-banking-trojan-spylocker-targets-more-banks-in-europe/
https://blogs.mcafee.com/mcafee-labs/android-banking-trojan-spylocker-targets-more-banks-in-europe/
https://blogs.mcafee.com/mcafee-labs/android-banking-trojan-spylocker-targets-more-banks-in-europe/
https://blogs.mcafee.com/mcafee-labs/android-banking-trojan-spylocker-targets-more-banks-in-europe/
https://blogs.mcafee.com/mcafee-labs/android-banking-trojan-spylocker-targets-more-banks-in-europe/
https://blogs.mcafee.com/mcafee-labs/android-banking-trojan-spylocker-targets-more-banks-in-europe/

Android/SpyLocker - Ejecucion

Fuente: https://blogs.mcafee.com/mcafee-labs/android-banking-trojan-spylocker-targets-more-banks-in-europe/

35

https://blogs.mcafee.com/mcafee-labs/android-banking-trojan-spylocker-targets-more-banks-in-europe/
https://blogs.mcafee.com/mcafee-labs/android-banking-trojan-spylocker-targets-more-banks-in-europe/
https://blogs.mcafee.com/mcafee-labs/android-banking-trojan-spylocker-targets-more-banks-in-europe/
https://blogs.mcafee.com/mcafee-labs/android-banking-trojan-spylocker-targets-more-banks-in-europe/
https://blogs.mcafee.com/mcafee-labs/android-banking-trojan-spylocker-targets-more-banks-in-europe/
https://blogs.mcafee.com/mcafee-labs/android-banking-trojan-spylocker-targets-more-banks-in-europe/
https://blogs.mcafee.com/mcafee-labs/android-banking-trojan-spylocker-targets-more-banks-in-europe/
https://blogs.mcafee.com/mcafee-labs/android-banking-trojan-spylocker-targets-more-banks-in-europe/
https://blogs.mcafee.com/mcafee-labs/android-banking-trojan-spylocker-targets-more-banks-in-europe/
https://blogs.mcafee.com/mcafee-labs/android-banking-trojan-spylocker-targets-more-banks-in-europe/
https://blogs.mcafee.com/mcafee-labs/android-banking-trojan-spylocker-targets-more-banks-in-europe/
https://blogs.mcafee.com/mcafee-labs/android-banking-trojan-spylocker-targets-more-banks-in-europe/
https://blogs.mcafee.com/mcafee-labs/android-banking-trojan-spylocker-targets-more-banks-in-europe/
https://blogs.mcafee.com/mcafee-labs/android-banking-trojan-spylocker-targets-more-banks-in-europe/
https://blogs.mcafee.com/mcafee-labs/android-banking-trojan-spylocker-targets-more-banks-in-europe/
https://blogs.mcafee.com/mcafee-labs/android-banking-trojan-spylocker-targets-more-banks-in-europe/
https://blogs.mcafee.com/mcafee-labs/android-banking-trojan-spylocker-targets-more-banks-in-europe/
https://blogs.mcafee.com/mcafee-labs/android-banking-trojan-spylocker-targets-more-banks-in-europe/
https://blogs.mcafee.com/mcafee-labs/android-banking-trojan-spylocker-targets-more-banks-in-europe/
https://blogs.mcafee.com/mcafee-labs/android-banking-trojan-spylocker-targets-more-banks-in-europe/

Android/SpyLocker - Bloqueo

Fuente: https://blogs.mcafee.com/mcafee-labs/android-banking-trojan-spylocker-targets-more-banks-in-europe/

36

https://blogs.mcafee.com/mcafee-labs/android-banking-trojan-spylocker-targets-more-banks-in-europe/
https://blogs.mcafee.com/mcafee-labs/android-banking-trojan-spylocker-targets-more-banks-in-europe/
https://blogs.mcafee.com/mcafee-labs/android-banking-trojan-spylocker-targets-more-banks-in-europe/
https://blogs.mcafee.com/mcafee-labs/android-banking-trojan-spylocker-targets-more-banks-in-europe/
https://blogs.mcafee.com/mcafee-labs/android-banking-trojan-spylocker-targets-more-banks-in-europe/
https://blogs.mcafee.com/mcafee-labs/android-banking-trojan-spylocker-targets-more-banks-in-europe/
https://blogs.mcafee.com/mcafee-labs/android-banking-trojan-spylocker-targets-more-banks-in-europe/
https://blogs.mcafee.com/mcafee-labs/android-banking-trojan-spylocker-targets-more-banks-in-europe/
https://blogs.mcafee.com/mcafee-labs/android-banking-trojan-spylocker-targets-more-banks-in-europe/
https://blogs.mcafee.com/mcafee-labs/android-banking-trojan-spylocker-targets-more-banks-in-europe/
https://blogs.mcafee.com/mcafee-labs/android-banking-trojan-spylocker-targets-more-banks-in-europe/
https://blogs.mcafee.com/mcafee-labs/android-banking-trojan-spylocker-targets-more-banks-in-europe/
https://blogs.mcafee.com/mcafee-labs/android-banking-trojan-spylocker-targets-more-banks-in-europe/
https://blogs.mcafee.com/mcafee-labs/android-banking-trojan-spylocker-targets-more-banks-in-europe/
https://blogs.mcafee.com/mcafee-labs/android-banking-trojan-spylocker-targets-more-banks-in-europe/
https://blogs.mcafee.com/mcafee-labs/android-banking-trojan-spylocker-targets-more-banks-in-europe/
https://blogs.mcafee.com/mcafee-labs/android-banking-trojan-spylocker-targets-more-banks-in-europe/
https://blogs.mcafee.com/mcafee-labs/android-banking-trojan-spylocker-targets-more-banks-in-europe/
https://blogs.mcafee.com/mcafee-labs/android-banking-trojan-spylocker-targets-more-banks-in-europe/
https://blogs.mcafee.com/mcafee-labs/android-banking-trojan-spylocker-targets-more-banks-in-europe/

Android/SpyLocker – Phishing Polonia

Fuente: https://blogs.mcafee.com/mcafee-labs/android-banking-trojan-spylocker-targets-more-banks-in-europe/

37

https://blogs.mcafee.com/mcafee-labs/android-banking-trojan-spylocker-targets-more-banks-in-europe/
https://blogs.mcafee.com/mcafee-labs/android-banking-trojan-spylocker-targets-more-banks-in-europe/
https://blogs.mcafee.com/mcafee-labs/android-banking-trojan-spylocker-targets-more-banks-in-europe/
https://blogs.mcafee.com/mcafee-labs/android-banking-trojan-spylocker-targets-more-banks-in-europe/
https://blogs.mcafee.com/mcafee-labs/android-banking-trojan-spylocker-targets-more-banks-in-europe/
https://blogs.mcafee.com/mcafee-labs/android-banking-trojan-spylocker-targets-more-banks-in-europe/
https://blogs.mcafee.com/mcafee-labs/android-banking-trojan-spylocker-targets-more-banks-in-europe/
https://blogs.mcafee.com/mcafee-labs/android-banking-trojan-spylocker-targets-more-banks-in-europe/
https://blogs.mcafee.com/mcafee-labs/android-banking-trojan-spylocker-targets-more-banks-in-europe/
https://blogs.mcafee.com/mcafee-labs/android-banking-trojan-spylocker-targets-more-banks-in-europe/
https://blogs.mcafee.com/mcafee-labs/android-banking-trojan-spylocker-targets-more-banks-in-europe/
https://blogs.mcafee.com/mcafee-labs/android-banking-trojan-spylocker-targets-more-banks-in-europe/
https://blogs.mcafee.com/mcafee-labs/android-banking-trojan-spylocker-targets-more-banks-in-europe/
https://blogs.mcafee.com/mcafee-labs/android-banking-trojan-spylocker-targets-more-banks-in-europe/
https://blogs.mcafee.com/mcafee-labs/android-banking-trojan-spylocker-targets-more-banks-in-europe/
https://blogs.mcafee.com/mcafee-labs/android-banking-trojan-spylocker-targets-more-banks-in-europe/
https://blogs.mcafee.com/mcafee-labs/android-banking-trojan-spylocker-targets-more-banks-in-europe/
https://blogs.mcafee.com/mcafee-labs/android-banking-trojan-spylocker-targets-more-banks-in-europe/
https://blogs.mcafee.com/mcafee-labs/android-banking-trojan-spylocker-targets-more-banks-in-europe/
https://blogs.mcafee.com/mcafee-labs/android-banking-trojan-spylocker-targets-more-banks-in-europe/

Android/SpyLocker – Phishing Francia

Fuente: https://blogs.mcafee.com/mcafee-labs/android-banking-trojan-spylocker-targets-more-banks-in-europe/

38

https://blogs.mcafee.com/mcafee-labs/android-banking-trojan-spylocker-targets-more-banks-in-europe/
https://blogs.mcafee.com/mcafee-labs/android-banking-trojan-spylocker-targets-more-banks-in-europe/
https://blogs.mcafee.com/mcafee-labs/android-banking-trojan-spylocker-targets-more-banks-in-europe/
https://blogs.mcafee.com/mcafee-labs/android-banking-trojan-spylocker-targets-more-banks-in-europe/
https://blogs.mcafee.com/mcafee-labs/android-banking-trojan-spylocker-targets-more-banks-in-europe/
https://blogs.mcafee.com/mcafee-labs/android-banking-trojan-spylocker-targets-more-banks-in-europe/
https://blogs.mcafee.com/mcafee-labs/android-banking-trojan-spylocker-targets-more-banks-in-europe/
https://blogs.mcafee.com/mcafee-labs/android-banking-trojan-spylocker-targets-more-banks-in-europe/
https://blogs.mcafee.com/mcafee-labs/android-banking-trojan-spylocker-targets-more-banks-in-europe/
https://blogs.mcafee.com/mcafee-labs/android-banking-trojan-spylocker-targets-more-banks-in-europe/
https://blogs.mcafee.com/mcafee-labs/android-banking-trojan-spylocker-targets-more-banks-in-europe/
https://blogs.mcafee.com/mcafee-labs/android-banking-trojan-spylocker-targets-more-banks-in-europe/
https://blogs.mcafee.com/mcafee-labs/android-banking-trojan-spylocker-targets-more-banks-in-europe/
https://blogs.mcafee.com/mcafee-labs/android-banking-trojan-spylocker-targets-more-banks-in-europe/
https://blogs.mcafee.com/mcafee-labs/android-banking-trojan-spylocker-targets-more-banks-in-europe/
https://blogs.mcafee.com/mcafee-labs/android-banking-trojan-spylocker-targets-more-banks-in-europe/
https://blogs.mcafee.com/mcafee-labs/android-banking-trojan-spylocker-targets-more-banks-in-europe/
https://blogs.mcafee.com/mcafee-labs/android-banking-trojan-spylocker-targets-more-banks-in-europe/
https://blogs.mcafee.com/mcafee-labs/android-banking-trojan-spylocker-targets-more-banks-in-europe/
https://blogs.mcafee.com/mcafee-labs/android-banking-trojan-spylocker-targets-more-banks-in-europe/

Android/SpyLocker – Phishing UK

Fuente: https://blogs.mcafee.com/mcafee-labs/android-banking-trojan-spylocker-targets-more-banks-in-europe/

39

https://blogs.mcafee.com/mcafee-labs/android-banking-trojan-spylocker-targets-more-banks-in-europe/
https://blogs.mcafee.com/mcafee-labs/android-banking-trojan-spylocker-targets-more-banks-in-europe/
https://blogs.mcafee.com/mcafee-labs/android-banking-trojan-spylocker-targets-more-banks-in-europe/
https://blogs.mcafee.com/mcafee-labs/android-banking-trojan-spylocker-targets-more-banks-in-europe/
https://blogs.mcafee.com/mcafee-labs/android-banking-trojan-spylocker-targets-more-banks-in-europe/
https://blogs.mcafee.com/mcafee-labs/android-banking-trojan-spylocker-targets-more-banks-in-europe/
https://blogs.mcafee.com/mcafee-labs/android-banking-trojan-spylocker-targets-more-banks-in-europe/
https://blogs.mcafee.com/mcafee-labs/android-banking-trojan-spylocker-targets-more-banks-in-europe/
https://blogs.mcafee.com/mcafee-labs/android-banking-trojan-spylocker-targets-more-banks-in-europe/
https://blogs.mcafee.com/mcafee-labs/android-banking-trojan-spylocker-targets-more-banks-in-europe/
https://blogs.mcafee.com/mcafee-labs/android-banking-trojan-spylocker-targets-more-banks-in-europe/
https://blogs.mcafee.com/mcafee-labs/android-banking-trojan-spylocker-targets-more-banks-in-europe/
https://blogs.mcafee.com/mcafee-labs/android-banking-trojan-spylocker-targets-more-banks-in-europe/
https://blogs.mcafee.com/mcafee-labs/android-banking-trojan-spylocker-targets-more-banks-in-europe/
https://blogs.mcafee.com/mcafee-labs/android-banking-trojan-spylocker-targets-more-banks-in-europe/
https://blogs.mcafee.com/mcafee-labs/android-banking-trojan-spylocker-targets-more-banks-in-europe/
https://blogs.mcafee.com/mcafee-labs/android-banking-trojan-spylocker-targets-more-banks-in-europe/
https://blogs.mcafee.com/mcafee-labs/android-banking-trojan-spylocker-targets-more-banks-in-europe/
https://blogs.mcafee.com/mcafee-labs/android-banking-trojan-spylocker-targets-more-banks-in-europe/
https://blogs.mcafee.com/mcafee-labs/android-banking-trojan-spylocker-targets-more-banks-in-europe/

Android/SpyLocker – Google Phishing

Fuente: https://blogs.mcafee.com/mcafee-labs/android-banking-trojan-spylocker-targets-more-banks-in-europe/

40

https://blogs.mcafee.com/mcafee-labs/android-banking-trojan-spylocker-targets-more-banks-in-europe/
https://blogs.mcafee.com/mcafee-labs/android-banking-trojan-spylocker-targets-more-banks-in-europe/
https://blogs.mcafee.com/mcafee-labs/android-banking-trojan-spylocker-targets-more-banks-in-europe/
https://blogs.mcafee.com/mcafee-labs/android-banking-trojan-spylocker-targets-more-banks-in-europe/
https://blogs.mcafee.com/mcafee-labs/android-banking-trojan-spylocker-targets-more-banks-in-europe/
https://blogs.mcafee.com/mcafee-labs/android-banking-trojan-spylocker-targets-more-banks-in-europe/
https://blogs.mcafee.com/mcafee-labs/android-banking-trojan-spylocker-targets-more-banks-in-europe/
https://blogs.mcafee.com/mcafee-labs/android-banking-trojan-spylocker-targets-more-banks-in-europe/
https://blogs.mcafee.com/mcafee-labs/android-banking-trojan-spylocker-targets-more-banks-in-europe/
https://blogs.mcafee.com/mcafee-labs/android-banking-trojan-spylocker-targets-more-banks-in-europe/
https://blogs.mcafee.com/mcafee-labs/android-banking-trojan-spylocker-targets-more-banks-in-europe/
https://blogs.mcafee.com/mcafee-labs/android-banking-trojan-spylocker-targets-more-banks-in-europe/
https://blogs.mcafee.com/mcafee-labs/android-banking-trojan-spylocker-targets-more-banks-in-europe/
https://blogs.mcafee.com/mcafee-labs/android-banking-trojan-spylocker-targets-more-banks-in-europe/
https://blogs.mcafee.com/mcafee-labs/android-banking-trojan-spylocker-targets-more-banks-in-europe/
https://blogs.mcafee.com/mcafee-labs/android-banking-trojan-spylocker-targets-more-banks-in-europe/
https://blogs.mcafee.com/mcafee-labs/android-banking-trojan-spylocker-targets-more-banks-in-europe/
https://blogs.mcafee.com/mcafee-labs/android-banking-trojan-spylocker-targets-more-banks-in-europe/
https://blogs.mcafee.com/mcafee-labs/android-banking-trojan-spylocker-targets-more-banks-in-europe/
https://blogs.mcafee.com/mcafee-labs/android-banking-trojan-spylocker-targets-more-banks-in-europe/

Android/SpyLocker – 2FA

Fuente: https://blogs.mcafee.com/mcafee-labs/android-banking-trojan-spylocker-targets-more-banks-in-europe/

41

https://blogs.mcafee.com/mcafee-labs/android-banking-trojan-spylocker-targets-more-banks-in-europe/
https://blogs.mcafee.com/mcafee-labs/android-banking-trojan-spylocker-targets-more-banks-in-europe/
https://blogs.mcafee.com/mcafee-labs/android-banking-trojan-spylocker-targets-more-banks-in-europe/
https://blogs.mcafee.com/mcafee-labs/android-banking-trojan-spylocker-targets-more-banks-in-europe/
https://blogs.mcafee.com/mcafee-labs/android-banking-trojan-spylocker-targets-more-banks-in-europe/
https://blogs.mcafee.com/mcafee-labs/android-banking-trojan-spylocker-targets-more-banks-in-europe/
https://blogs.mcafee.com/mcafee-labs/android-banking-trojan-spylocker-targets-more-banks-in-europe/
https://blogs.mcafee.com/mcafee-labs/android-banking-trojan-spylocker-targets-more-banks-in-europe/
https://blogs.mcafee.com/mcafee-labs/android-banking-trojan-spylocker-targets-more-banks-in-europe/
https://blogs.mcafee.com/mcafee-labs/android-banking-trojan-spylocker-targets-more-banks-in-europe/
https://blogs.mcafee.com/mcafee-labs/android-banking-trojan-spylocker-targets-more-banks-in-europe/
https://blogs.mcafee.com/mcafee-labs/android-banking-trojan-spylocker-targets-more-banks-in-europe/
https://blogs.mcafee.com/mcafee-labs/android-banking-trojan-spylocker-targets-more-banks-in-europe/
https://blogs.mcafee.com/mcafee-labs/android-banking-trojan-spylocker-targets-more-banks-in-europe/
https://blogs.mcafee.com/mcafee-labs/android-banking-trojan-spylocker-targets-more-banks-in-europe/
https://blogs.mcafee.com/mcafee-labs/android-banking-trojan-spylocker-targets-more-banks-in-europe/
https://blogs.mcafee.com/mcafee-labs/android-banking-trojan-spylocker-targets-more-banks-in-europe/
https://blogs.mcafee.com/mcafee-labs/android-banking-trojan-spylocker-targets-more-banks-in-europe/
https://blogs.mcafee.com/mcafee-labs/android-banking-trojan-spylocker-targets-more-banks-in-europe/
https://blogs.mcafee.com/mcafee-labs/android-banking-trojan-spylocker-targets-more-banks-in-europe/

Conclusiones

• Troyanos Bancarios en constante evolución: – Inicio: Web inject en PC y interceptación de 2FA en SMS – Evolución: Botnet, phishing en el dispositivo y filtrado de código fuente. – Presente y Futuro: Ransomware bancario (phishing + bloqueo)

• Beneficio económico del malware en Android: – Inicio: SMS a números premium – Evolución: Ransomware – Presente y Futuro: Ransomware con phishing bancario

• Protección: – Evitar instalar apps de fuentes no confiables (fuera de Google Play) – Contar con software de seguridad para detectar malware – Educar al usuario contra ataques de phishing – En lo posible mantener el dispositivo actualizado

42

¡Gracias por su atención!

43

44

Recommended

La seguridad en dispositivos empresarialesexpologisticacolombia.com/expologistica/wp-content/uploads/2018/… · Los troyanos Son inteligentes y parecen legítimos • Más de 390.000
Documents
CPL malware en Brasil: entre troyanos bancarios y … · Entre los motivos principales de los troyanos bancarios en Brasil y la diferencia con el resto de Latinoamérica, es importante
Documents
CONTRATOS BANCARIOS
Documents
Technologies, Applications and Trends for Social …acis.org.co/portal/sites/all/themes/argo/Conferencias/July2015... · Technologies, Applications and Trends for Social Computing
Documents
Pentesting y troyanos
Technology
Manual de Hacker 131 Trucos Elhacker Hacking Webs, Hack Msn Messenger 7, Seguridad, Hotmail, Troyanos, Virus, Remoto
Documents
ElHacker.COM Hacking Webs, Hack MSN Messenger 7, … · ElHacker.COM Hacking Webs, Hack MSN Messenger 7, Seguridad, Hotmail, Troyanos, Virus, Remoto-ElHacker.com Portada Novedades
Documents
DIA 1_04 agentes bancarios nabard_india
Business
La imagen e identificación de los clientes bancarios tras
Documents
TÉCNICAS DE DETECCIÓN Y ANÁLISIS DE MALWARE EN …bibliotecadigital.usbcali.edu.co/bitstream/10819/4208/1/... · 2017. 7. 18. · malware, incluyendo virus, troyanos, gusanos,
Documents
No. 147 Abril - Junio 2018 ISSN 0120-5919 DOI: 10.29236 ...acis.org.co/archivos/Revista/Sistemasedicion147.pdf · 1960, con una visión futurista más allá del 2030. Mirada que contem-pla
Documents
Documentos Negociables Bancarios
Education
Manual de Hacker - 131 Trucos Elhacker Hacking Webs, Hack Msn Messenger 7, Seguridad Hotmail, Troyanos, Virus, Remoto
Documents
Change The World: One Sequin at a Timeufdcimages.uflib.ufl.edu/.../Troyanos,_Debra_final.pdf · debra troyanos a capstone project presented to the college of fine arts of the university
Documents
131 Trucos Elhacker Hacking Webs, Hack Msn Messenger 7, Seguridad, Hotmail, Troyanos, Virus, Remoto
Documents
Jornal do Cliente Agosto - Bancarios ItabunaTitle: Jornal do Cliente Agosto.cdr Author: user Created Date: 8/14/2018 10:58:03 AM
Documents
CLASE 11 - valhalla.fcaglp.unlp.edu.arvalhalla.fcaglp.unlp.edu.ar/computacion/Teorias/Clase-11-Computaci… · Ejemplos: a) Sea un programa para llevar registro de movimientos bancarios
Documents
Resolucion de Indecopi, Contratos Bancarios Abusivos
Documents
Analisis de Estados Financieros Bancarios i
Documents
Sistemas - acis.org.co
Documents