Security Alert : Zeus Banker Malware Targeting Internet Banking Users [INFO]
Posted by on 20 October 2014 11:14 AM
Posted in 247LiveSupport's News Post on 29th September 2014
ATTENTION: All local Malaysia users who are using Internet Banking.
Dear valued customers,
We have received an alert from CyberSecurity team about malware called Zues which is targeting internet banking users in Malaysia.
a) Smartphones running on Android
b) Vulnerable and unpatched Windows Operating System
The malware will inject a modified fake contents that looks like a real online banking website when user is browsing a legitimate online banking website, in which the content will request victim's smartphone operating system and mobile number.
The malware will SMS to the smartphone a malicious APK and infect the smart phone in order to establish callback with the attackers for further instructions.
For laptop/PC User:
1) Install robust anti-virus, anti-spyware and firewall software on your computer and other devices and configure it to update regularly.
2) Perform regular scans of your systems for malware and other risks.
3) Operating system providers such as Microsoft, periodically releases updates and patches that improve the security of your operating system. You should periodically check for these updates and keep your system current or configure it to do so automatically.
4) When accessing to online banking, make sure there is no pop-up/window that requires personal info such as credit card number, smartphone platform(Android/iOS) etc. Do not enter those information if required.
5) Use only a dedicated computer or laptop to do online banking.
6) If you suspect your bank account has been compromised or spot any activity you have not authorized, please notify your banking provider immediately.
7) Please ensure you logout properly at the end of each session by clicking log-out button. Do not exit by simply closing the browser window.
8) If you come across anything suspicious when you do banking online such as unusual web pages asking for banking information, notify your bank provider immediately.
9) Never respond to any email/advertisements requesting you to provide your login details or log in via a link sent in an email/applications. The bank will never send you a mail or provide links in any applications like that, and such a request is likely to be a phishing attempt.
For Smartphone Users:
1) Verify an app's permission and the app's author or publisher before installing it.
2) Do not click on adware or suspicious URLs sent through SMS/messaging services. Malicious program could be attached to collect user's information.
3) Since URL on mobile site appears differently from desktop browser, make sure to verify it first.
4) Always run a reputable anti-virus on your smartphone/mobile devices, and keep it up-to-date regularly.
5) Don't use public Wi-Fi networks for bank transactions and turn off Bluetooth connection when not in use. These can be open windows for eavesdroppers intercepting the transaction or installing spyware and other malware on user's smartphone/tablet.
6) Update the operating system and applications on smartphone/tablet, including the browser, in order to avoid any malicious exploits of security holes in out-dated versions.
7) Do not root or otherwise 'Jailbreak' your phone; avoid side loading (installing from non-official sources) when you can. If you do install Android software from a source other than the Market, be sure that it is coming from a reputable source.
Source taken from: MYCERT (Malaysia Computer Emergency Response Team) 's Alert.
Do get back to us if you require any further guidance or assistance.
Thank you and have a nice day!