With the promise of authorizing Internet access over Wi-Fi networks, criminals are tricking users in order to steal the information needed to access their banking applications and take money from their accounts.
This tactic recurs constantly, and researchers from ThreatFabric recently found a new piece of malware called Zombinder, which has already affected more than 1,300 people in countries such as Canada, Spain and Portugal.
This is Zombinder, a new banking virus
The cybercriminals behind this threat use Wi-Fi connection authorization applications, such as those that appear in hotels or public networks, to invite victims to download a supposed official platform that allows the connection to be established.
Once the app is installed on the phone, the malware can carry out different attacks, such as stealing emails, verification codes, credentials, and the phrases that protect cryptocurrency wallets.
The virus is hidden in ‘zombie’ applications, hence its name. These platforms are not of any use to the user, but they do take care of infecting the device, even with third-party malware.
“Zombinder drops and launches the trojan Xenomorph, while the original application remains fully operational, thus the victim remains unprepared. It should be noted that the authors of Xenomorph (known as HadokenSecurity) continue to develop the Trojan,” reported the company that detected the virus.
The cybercriminals' main targets are bank accounts at entities such as N26, CaixaBank, Santander, ING, Abanca, Targobank, Kutxa, Pibank, Unicaja, BBVA, Bankinter and Openbank, among others.
To prevent more people from falling victim to this malware, the researchers published a list of applications that contain the virus, which attacks Android users:
– WiFi Auto Authenticator (com.woosh.wifiautoauth)
– Football live stream (com.aufait.footballlivestream)
– Wi Fi Authorization (com.welomuxitononu.voretije)
– Live Football Stream 1.9 (com.busafobawori.zuvo)
– OGInsta+ Mod (com.fuyocelasisi.woyopu)
– VidMate (com.focus.equip)
If you have one of these applications installed, remove it and change your banking passwords, because this type of malware can spread to different parts of the operating system.
ZIP files, an option for cybercriminals
A report from HP Wolf Security revealed that compressed file formats, such as .ZIP and .RAR, were the most used to distribute malicious software between July and September of 2022, surpassing Office formats, which for three years had been cybercriminals' preferred option.
According to the results obtained through the devices that run this cybersecurity system, 44% of malicious software was delivered within compressed files, an increase of 11% compared to the previous quarter of the year.
By comparison, 32% was distributed through Office documents, such as Microsoft Word, Excel and PowerPoint files.
The use of compressed files was accompanied by a new form of HTML smuggling, in which cybercriminals embed malicious software in HTML files to bypass the security of emails and platforms and thus carry out the attack.
One example is the recent QakBot and IcedID campaigns, which used these files to direct users to fake online document viewers posing as Adobe.
Users were then asked to open a compressed .ZIP file, enter a password, and unzip further documents, which contained the malware that attacks the computer.
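One way to triage HTML attachments for the pattern described above is to look for base64 strings that decode to a ZIP archive and check whether the first entry is password-protected. This is an added example, not code from HP Wolf Security or from the original article; the function names and the sample page are constructed for illustration.

```python
import base64
import re
import struct

# base64 of the ZIP local-file-header magic "PK\x03\x04" always starts "UEsDB".
B64_ZIP = re.compile(r"UEsDB[A-Za-z0-9+/]{35,}={0,2}")
# sig, version, flags, method, time, date, crc, csize, usize, name_len, extra_len
LOCAL_HEADER = "<4sHHHHHIIIHH"
HEADER_SIZE = struct.calcsize(LOCAL_HEADER)  # 30 bytes


def find_embedded_zips(html: str) -> list[dict]:
    """Report base64 strings inside `html` that decode to a ZIP archive."""
    findings = []
    for match in B64_ZIP.finditer(html):
        run = match.group(0)
        run = run[: len(run) - len(run) % 4]  # trim to a decodable length
        try:
            data = base64.b64decode(run, validate=True)
        except ValueError:
            continue
        if len(data) < HEADER_SIZE:
            continue
        sig, _ver, flags, *_mid, name_len, _extra = struct.unpack_from(LOCAL_HEADER, data)
        if sig != b"PK\x03\x04":
            continue
        name = data[HEADER_SIZE:HEADER_SIZE + name_len].decode("utf-8", "replace")
        findings.append({
            "offset": match.start(),
            "first_entry": name,
            "encrypted": bool(flags & 0x0001),  # bit 0: entry needs a password
        })
    return findings


def constructed_sample(encrypted: bool) -> str:
    """Constructed test input: an HTML page carrying a hand-built ZIP header."""
    name = b"document.txt"
    header = struct.pack(LOCAL_HEADER, b"PK\x03\x04", 20, int(encrypted),
                         0, 0, 0, 0, 0, 0, len(name), 0)
    blob = base64.b64encode(header + name).decode("ascii")
    return f'<html><body><script>var d="{blob}";</script></body></html>'


if __name__ == "__main__":
    for finding in find_embedded_zips(constructed_sample(encrypted=True)):
        print(finding)
```

This is a triage heuristic for attachment review: it only matches archives stored as one contiguous base64 string, and a hit with `encrypted` set is a reason to inspect the file, not proof of malice.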