A malicious application disguised as a utility and productivity tool has targeted South Korean Android users, aiming to steal their financial information, including banking usernames and passwords.
On Thursday, the Financial Security Institution (FSI), which is responsible for responding to cyber threats in the financial services sector in South Korea, warned that a bogus application named ‘Anatsa’ has targeted 688 finance-related apps in 54 countries, including South Korea, in an attempt to steal users’ banking and financial information.
Anatsa is an Android-based malicious application, also known as TeaBot, that launched a financial theft attack against European financial applications in early 2021.
According to the FSI, hackers disseminated the Anatsa app by disguising it either as a PDF reader or QR code scanner and then uploading it to Google Play. When users downloaded the app, they encountered no initial difficulties, as it appeared and functioned normally. However, once users responded to a prompt to update the app, the Anatsa malware program was installed.
Once the malicious app is installed, it connects to the hacker’s Command and Control (C2) server. This server enables control over the user’s smartphone, allowing it to capture screenshots, steal messages, and intercept authentication numbers. Additionally, hackers are able to manipulate the smartphone by unlocking it and gaining remote access. The stolen data is then transmitted to the C2 server.
The FSI spokesperson stated that during the analysis of the C2 server in early June, they discovered that the hackers’ targets included Android users in South Korea.
Furthermore, Anatsa also works to interrupt antivirus or other similar cleaning applications in order to prevent the malware from being deleted or closed, as reported by the FSI in a press release. This makes Anasta particularly difficult to eradicate.
“As people increasingly use digital financial services, malicious applications are targeting these services more frequently,” stated Kim Chul-woong, President of the FSI. “As these malicious applications can even be found in official app stores, people should exercise caution when using mobile financial services.”
Related article: Top financial security official recommends addressing “the human element” to more fully strengthen banking security
Financial institutions need to pay more and better attention to the “human element” in their quest to create a fully secure banking system if they hope to be able to counter emerging cyber threats, stressed Kim Chul-woong, South Korea’s top financial security official, on Thursday.
Kim, President of the Financial Security Institute (FSI), noted that banks are on the front lines of the great digital transformation and must adapt to the latest technological advancements at a rapid speed. Speaking at the 17th Financial Information Security Conference (FISCON), held in Seoul, Kim explained that bad actors are targeting financial institutions more than ever before, with attacks reaching a point where they have become a threat to the core value of the banking system: trust.
The head of the FSI pointed out the severity of AI-powered cyberattacks by demonstrating a hacking attempt against the financial system’s security procedures. Kim showed the audience how deep fake technology allows one to forge a virtual image of oneself, explaining that bad actors could employ this method to bypass the bank’s verification system. Once such actors penetrate the financial system, the damage could spread across diverse industries and might, in a worst-case scenario, create a full-fledged state of emergency. READ MORE
