Group-IB experts have spotted the threat on Russian underground forums

Jul 15, 2013 08:59 GMT
CommBank Kaching is Commonwealth Bank's legitimate Android app. Beware of fakes!

Security researchers from Russia-based Group-IB have come across a mobile banking Trojan dubbed “hardcore88.” The threat is currently being sold on Russian underground forums for $2,000 (€1,532).

According to the experts, hardcore88 is not sophisticated from a technical standpoint. However, it can be highly efficient in performing its malicious tasks.

The Trojan poses as an Android security app dedicated to the customers of Australia’s Commonwealth Bank.

The threat is designed to block calls made by the bank to the victim. It’s also capable of intercepting the one-time passwords sent via SMS by the bank when the customer is performing online transactions.

The attack starts with a piece of malware that targets the victim’s PC. When the victim visits the bank’s website, the malware injects a page that instructs users to enter their mobile phone numbers and download a so-called security app that was recently introduced by Commonwealth. This app is actually hardcore88.

“We see that Australian online-banking theft attracts cyber criminals from all over the world, especially, from ex-USSR countries, as this niche is quite new for them and provides for flexibility,” Group-IB CTO Andrey Komerov noted.

Commonwealth Bank is aware of such threats. The organization’s representatives say they’re working with CERT Australia and other authorities in an effort to combat such schemes.

“Our advice to customers is to always download any apps to their Android mobile devices from an authorised platform app store, such as the Google Play Store or Samsung Apps,” Commonwealth Bank stated.

It’s worth noting that Commonwealth’s legitimate Android app has been downloaded over 800,000 times and has been used to make transactions totaling $4 billion (€3 billion). The large number of potential victims is likely the main factor that made cybercriminals target the financial institution’s customers.