Mumbai: ESET, a global pioneer in proactive protection for 25-years, alerts on fake Facebook app attack on Android phone to steal personal and bank account details. Facebook users may get a pop-up window which asks for verification of your mobile number and operating system of the phone.
How will this happen?
One will get the below pop-up message while one is logged in the Facebook account, and will be asked to fill the verification window option which asks for mobile number and mobile platform.
If you enter your details, malicious hackers could soon be listening in to the calls made on your Android smartphone, intercepting your SMS text messages, and even listening in to any private conversations you are having in the vicinity of your phone. And, if the hackers can read your SMS messages, they can potentially break into your online bank accounts too.
The message you have seen pop up while you are logged in to Facebook isn’t from Facebook itself, but it’s not the case that Facebook’s website has been hacked either. Hackers are using a notorious banking Trojan horse called Win32/Qadars to display the bogus message from Facebook, in an aggressive attempt to infect Android smartphones.
The Windows-based malware is being used to inject the message into the web browser via JavaScript – making it appear, to all intents and purposes, as if Facebook’s website is serving up the form.
If one makes the mistake of giving the form your mobile phone number, he/she prompted to download an app onto your Android smartphone through the pop up window as below.
The app download will be hosted on a third-party site, rather than the more trusted official Google Play store. This attack is trying to dupe you into installing an Android Trojan horse called iBanking onto your smartphone.
How one can solve this?
One has to check her Android settings and click on Security<Device Administration<Verify apps tab to get warnings and alarms about the apps from the unknown sources. We also suggest you to activate ‘Active device administration’ for better management of your android.
Enabling two-factor authentication on their online accounts, and evolving their malware to try to waltz around it.
