The attack begins by infecting user’s computer with the Qadars banking trojan, which is usually done via drive-by download. Jean-Ian Boutin, an ESET malware researcher told SCMagazine
The trojan then intercepts the webpage downloaded and uses javaScript , meant to be injected into Facebook web pages, which tries to trick the user into installing an Android application.
when the user login into his Facebook account he is showed up with a fake verification page injected by the malware, asking the user to verify his mobile phone number and operating system of his mobile device
Once the user enters his Mobile number and select the operating system of his mobile as Android he is sent with a link via sms which on clicking downloads a iBanking malware, in case the user does not get any sms he is asked to to scan a QR code and directly open the link.
And next the user is guided up to install a fake Facebook app which infact is the iBanking malware. which once installed can be used by the Cyber Criminals to spy over the user. since the malware has several capabilities, including capturing incoming and outgoing SMS messages, redirecting incoming voice calls, and even capturing audio using the deviceโs microphone. and can also be used to steal users bank account details.
Facebook webinjects deliver Android iBanking malware.
Hackers are targeting Facebook users, tricking them into downloading a Dangerous piece of malware on their Android devices.
Read More