SlideShare ist ein Scribd-Unternehmen logo

Czech Banks are Under Attack, Clients Lose Money.

Petr Dvorak
Petr Dvorak

On September 24, 2018, the clients of three major Czech banks received a major hit by a mobile malware and have money from their bank accounts stolen. What happened with the QRecorder malware?
 (updated version)

Wirtschaft & Finanzen
1 von 13
Downloaden Sie, um offline zu lesen
What happened with the QRecorder malware?
 Czech Banks are Under Attack, Clients Lose Money. petr@wultra.com
"Today, the mobile malware threat got very real.
What happened? • Several clients of the Czech banks reported losing money from their bank accounts. • In total, "high tens of thousands" of US dollars were lost. • About 10 000 user might be affected by the malware. • The users had their Android smartphone infected with mobile malware, Eset was the first to report it. • The police are currently investigating the incident.
Which banks were affected? Affected Not Known to be Affected
More info about the malware • QRecorder: A repackaged app for a phone call recording. • Distributed via Google Play, which is a regular channel. • Activated via a remote update in the right moment. Internally, the "Spy.Banker.AIX" malware core was used. • Tailor-made for specific banks. It was able to bypass the additional security measures designed by the banks.
What was the principle of this attack? • The attack was in principle a clever "overlay attack." • The malware was placing an overlay over the regular banking app. It requested sensitive information from the user, pretending a regular mobile app is requesting the info. • After gathering a sufficient amount of the private information, it intercepted SMS OTP sent via bank and took full control over the bank account.
What can banks do? • Invest in App Shielding / RASP technologies to protect their mobile banking apps from overlay attacks and other sophisticated runtime attacks. Learn more → • Be ready and respond fast in the case a similar threat emerges again. • Educate customers, though it would not help in this case, the customers did everything right.
What can app users do? • Uninstall the QReader app, in case they have it on their smartphone! • Install a mobile anti-virus solution. Learn more → • Be alert to changes of behavior of their mobile banking app. • Never enter any credentials intended for the Internet banking into the mobile banking app or any other system than the Internet banking.
Thank you. petr@wultra.com
Resources
Media Coverage (CZ) • https://www.eset.com/cz/o-nas/pro-novinare/tiskove-zpravy/eset-varuje-pred-nebezpecnou-aplikaci- qrecorder-cili-na-ceske-uzivatele-a-jejich-internetove-bankov/ • https://www.lidovky.cz/byznys/firmy-a-trhy/princip-ktery-vyuziva-skodliva-aplikace-qrecorder-neni- zadnou-novinkou-rika-miroslav-dvorak-z-esetu.A180925_115417_firmy-trhy_pkk • http://www.blesk.cz/clanek/digital-mobily/566831/penize-desetitisicu-cechu-ohrozuje-nebezpecny-virus- na-pozoru-by-meli-byt-uzivatele-androidu.html • https://mobil.idnes.cz/nahravac-hovoru-qrecorder-muze-byt-zavirovany-fr0-/mob_tech.aspx? c=A180925_105023_mob_tech_jm • https://www.chip.cz/novinky/pozor-na-aplikaci-qrecorder/
Media Coverage (CZ) • https://www.zive.cz/clanky/pozor-aplikace-qrecorder-pro-nahravani-hovoru-krade-hesla-k-bankovnictvi/ sc-3-a-195222/default.aspx • https://www.novinky.cz/internet-a-pc/bezpecnost/484292-desitky-tisic-cechu-ohrozuje-nebezpecny- virus-napada-internetove-bankovnictvi.html • https://www.lupa.cz/aktuality/aplikace-qrecorder-z-google-play-je-nakazena-malwarem-cili-na-ceske- uzivatele/ • https://ct24.ceskatelevize.cz/ekonomika/2604389-na-internetove-bankovnictvi-miri-utok-pres-aplikaci- qrecorder-ohrozeny-jsou-mobily

Empfohlen

Innovations on Banking - Digital Banking Security in the Age of Open Banking
Innovations on Banking - Digital Banking Security in the Age of Open BankingInnovations on Banking - Digital Banking Security in the Age of Open Banking
Innovations on Banking - Digital Banking Security in the Age of Open Banking
Petr Dvorak
 
Managing & Securing the Online and Mobile banking - Chew Chee Seng
Managing & Securing the Online and Mobile banking - Chew Chee SengManaging & Securing the Online and Mobile banking - Chew Chee Seng
Managing & Securing the Online and Mobile banking - Chew Chee Seng
Knowledge Group
 
Mobile Wallet security
Mobile Wallet securityMobile Wallet security
Mobile Wallet security
Suraj Pratap
 
Mobile banking
Mobile bankingMobile banking
Mobile banking
Manoj Karangoda
 
Mobile Payment Value chain and Business Models
Mobile Payment Value chain and Business ModelsMobile Payment Value chain and Business Models
Mobile Payment Value chain and Business Models
Stomar
 
MBA Best Mobile Banking Presentation
MBA Best Mobile Banking PresentationMBA Best Mobile Banking Presentation
MBA Best Mobile Banking Presentation
rajpatelplantemoran
 
Mobile Money Overview
Mobile Money OverviewMobile Money Overview
Mobile Money Overview
Gabriele Farei
 
Mobile money, a development tool for benin powerpoint
Mobile money, a development tool for benin powerpointMobile money, a development tool for benin powerpoint
Mobile money, a development tool for benin powerpoint
AJAVON Samuel
 

Empfohlen

Innovations on Banking - Digital Banking Security in the Age of Open Banking
Innovations on Banking - Digital Banking Security in the Age of Open BankingInnovations on Banking - Digital Banking Security in the Age of Open Banking
Innovations on Banking - Digital Banking Security in the Age of Open Banking
Petr Dvorak
 
Managing & Securing the Online and Mobile banking - Chew Chee Seng
Managing & Securing the Online and Mobile banking - Chew Chee SengManaging & Securing the Online and Mobile banking - Chew Chee Seng
Managing & Securing the Online and Mobile banking - Chew Chee Seng
Knowledge Group
 
Mobile Wallet security
Mobile Wallet securityMobile Wallet security
Mobile Wallet security
Suraj Pratap
 
Mobile banking
Mobile bankingMobile banking
Mobile banking
Manoj Karangoda
 
Mobile Payment Value chain and Business Models
Mobile Payment Value chain and Business ModelsMobile Payment Value chain and Business Models
Mobile Payment Value chain and Business Models
Stomar
 
MBA Best Mobile Banking Presentation
MBA Best Mobile Banking PresentationMBA Best Mobile Banking Presentation
MBA Best Mobile Banking Presentation
rajpatelplantemoran
 
Mobile Money Overview
Mobile Money OverviewMobile Money Overview
Mobile Money Overview
Gabriele Farei
 
Mobile money, a development tool for benin powerpoint
Mobile money, a development tool for benin powerpointMobile money, a development tool for benin powerpoint
Mobile money, a development tool for benin powerpoint
AJAVON Samuel
 
Mobile banking
Mobile bankingMobile banking
Mobile banking
vaibhav kubadia
 
BlueHornet Webinar: The Rise of the Digital Wallet - New Opportunities for Em...
BlueHornet Webinar: The Rise of the Digital Wallet - New Opportunities for Em...BlueHornet Webinar: The Rise of the Digital Wallet - New Opportunities for Em...
BlueHornet Webinar: The Rise of the Digital Wallet - New Opportunities for Em...
BlueHornet
 
Mobile Money: Banks & Telcos, who’s the Boss?
Mobile Money: Banks & Telcos, who’s the Boss?Mobile Money: Banks & Telcos, who’s the Boss?
Mobile Money: Banks & Telcos, who’s the Boss?
Isabelle Berner
 
DIFFERENT CHANNELS OF BANKING
DIFFERENT CHANNELS OF BANKINGDIFFERENT CHANNELS OF BANKING
DIFFERENT CHANNELS OF BANKING
Ravi Arora
 
Innovation Trends in FinTech Industry
Innovation Trends in FinTech IndustryInnovation Trends in FinTech Industry
Innovation Trends in FinTech Industry
Kaustubh Varade
 
Mobile banking adoption
Mobile banking adoptionMobile banking adoption
Mobile banking adoption
Zakaria Hasan
 
160928-27_4th Annual Mobile Wallet Conference 2016_Mobile Wallet Trends
160928-27_4th Annual Mobile Wallet Conference 2016_Mobile Wallet Trends160928-27_4th Annual Mobile Wallet Conference 2016_Mobile Wallet Trends
160928-27_4th Annual Mobile Wallet Conference 2016_Mobile Wallet Trends
Spire Research and Consulting
 
Trustpay-digital payment platform
Trustpay-digital payment platformTrustpay-digital payment platform
Trustpay-digital payment platform
TRUSTpay
 
A study of mobile banking in india
A study of mobile banking in indiaA study of mobile banking in india
A study of mobile banking in india
silky712
 
Mobile Payments revolution
Mobile Payments revolutionMobile Payments revolution
Mobile Payments revolution
Pragati Rai
 
Dissertation presentation on Digital Wallet
Dissertation presentation on Digital WalletDissertation presentation on Digital Wallet
Dissertation presentation on Digital Wallet
HardikBhandari7
 
Έφη Πρεσβεία, Επικεφαλής Επιχειρηματικής Μονάδας Ηλεκτρονικού Επιχειρείν, Eur...
Έφη Πρεσβεία, Επικεφαλής Επιχειρηματικής Μονάδας Ηλεκτρονικού Επιχειρείν, Eur...Έφη Πρεσβεία, Επικεφαλής Επιχειρηματικής Μονάδας Ηλεκτρονικού Επιχειρείν, Eur...
Έφη Πρεσβεία, Επικεφαλής Επιχειρηματικής Μονάδας Ηλεκτρονικού Επιχειρείν, Eur...
Starttech Ventures
 
Peer to-peer mobile payments
Peer to-peer mobile paymentsPeer to-peer mobile payments
Peer to-peer mobile payments
Ishraq Al Fataftah
 
Industry Session on Banking & Financial Services
Industry Session on Banking & Financial ServicesIndustry Session on Banking & Financial Services
Industry Session on Banking & Financial Services
Tata Consultancy Services
 
Mobile Banking
Mobile BankingMobile Banking
Mobile Banking
Arthur Lok Jack Graduate School of Business, The University of the West Indies
 
Mobile Money Business Models
Mobile Money Business ModelsMobile Money Business Models
Mobile Money Business Models
NetHopeOrg
 
mBank - the most design-driven digital bank in the world - NetFinance, Miami ...
mBank - the most design-driven digital bank in the world - NetFinance, Miami ...mBank - the most design-driven digital bank in the world - NetFinance, Miami ...
mBank - the most design-driven digital bank in the world - NetFinance, Miami ...
Nordea
 
Mobile Banking Security Risks and Consequences iovation2015
Mobile Banking Security Risks and Consequences iovation2015Mobile Banking Security Risks and Consequences iovation2015
Mobile Banking Security Risks and Consequences iovation2015
TransUnion
 
Mobile Payments
Mobile PaymentsMobile Payments
Mobile Payments
Mike Batton
 
The History of Fintech Part II
The History of Fintech Part IIThe History of Fintech Part II
The History of Fintech Part II
Ducatus Global
 
Securing 3-Mode Mobile Banking
Securing 3-Mode Mobile BankingSecuring 3-Mode Mobile Banking
Securing 3-Mode Mobile Banking
Jay McLaughlin
 
E banking & security concern
E banking & security concernE banking & security concern
E banking & security concern
Syed Akhtar-Uz-Zaman
 

Weitere ähnliche Inhalte

Was ist angesagt?

DIFFERENT CHANNELS OF BANKING
DIFFERENT CHANNELS OF BANKINGDIFFERENT CHANNELS OF BANKING
DIFFERENT CHANNELS OF BANKING
Ravi Arora
 
Innovation Trends in FinTech Industry
Innovation Trends in FinTech IndustryInnovation Trends in FinTech Industry
Innovation Trends in FinTech Industry
Kaustubh Varade
 

Was ist angesagt? (20)

Mobile banking
Mobile bankingMobile banking
Mobile banking
 
BlueHornet Webinar: The Rise of the Digital Wallet - New Opportunities for Em...
BlueHornet Webinar: The Rise of the Digital Wallet - New Opportunities for Em...BlueHornet Webinar: The Rise of the Digital Wallet - New Opportunities for Em...
BlueHornet Webinar: The Rise of the Digital Wallet - New Opportunities for Em...
 
Mobile Money: Banks & Telcos, who’s the Boss?
Mobile Money: Banks & Telcos, who’s the Boss?Mobile Money: Banks & Telcos, who’s the Boss?
Mobile Money: Banks & Telcos, who’s the Boss?
 
DIFFERENT CHANNELS OF BANKING
DIFFERENT CHANNELS OF BANKINGDIFFERENT CHANNELS OF BANKING
DIFFERENT CHANNELS OF BANKING
 
Innovation Trends in FinTech Industry
Innovation Trends in FinTech IndustryInnovation Trends in FinTech Industry
Innovation Trends in FinTech Industry
 
Mobile banking adoption
Mobile banking adoptionMobile banking adoption
Mobile banking adoption
 
160928-27_4th Annual Mobile Wallet Conference 2016_Mobile Wallet Trends
160928-27_4th Annual Mobile Wallet Conference 2016_Mobile Wallet Trends160928-27_4th Annual Mobile Wallet Conference 2016_Mobile Wallet Trends
160928-27_4th Annual Mobile Wallet Conference 2016_Mobile Wallet Trends
 
Trustpay-digital payment platform
Trustpay-digital payment platformTrustpay-digital payment platform
Trustpay-digital payment platform
 
A study of mobile banking in india
A study of mobile banking in indiaA study of mobile banking in india
A study of mobile banking in india
 
Mobile Payments revolution
Mobile Payments revolutionMobile Payments revolution
Mobile Payments revolution
 
Dissertation presentation on Digital Wallet
Dissertation presentation on Digital WalletDissertation presentation on Digital Wallet
Dissertation presentation on Digital Wallet
 
Έφη Πρεσβεία, Επικεφαλής Επιχειρηματικής Μονάδας Ηλεκτρονικού Επιχειρείν, Eur...
Έφη Πρεσβεία, Επικεφαλής Επιχειρηματικής Μονάδας Ηλεκτρονικού Επιχειρείν, Eur...Έφη Πρεσβεία, Επικεφαλής Επιχειρηματικής Μονάδας Ηλεκτρονικού Επιχειρείν, Eur...
Έφη Πρεσβεία, Επικεφαλής Επιχειρηματικής Μονάδας Ηλεκτρονικού Επιχειρείν, Eur...
 
Peer to-peer mobile payments
Peer to-peer mobile paymentsPeer to-peer mobile payments
Peer to-peer mobile payments
 
Industry Session on Banking & Financial Services
Industry Session on Banking & Financial ServicesIndustry Session on Banking & Financial Services
Industry Session on Banking & Financial Services
 
Mobile Banking
Mobile BankingMobile Banking
Mobile Banking
 
Mobile Money Business Models
Mobile Money Business ModelsMobile Money Business Models
Mobile Money Business Models
 
mBank - the most design-driven digital bank in the world - NetFinance, Miami ...
mBank - the most design-driven digital bank in the world - NetFinance, Miami ...mBank - the most design-driven digital bank in the world - NetFinance, Miami ...
mBank - the most design-driven digital bank in the world - NetFinance, Miami ...
 
Mobile Banking Security Risks and Consequences iovation2015
Mobile Banking Security Risks and Consequences iovation2015Mobile Banking Security Risks and Consequences iovation2015
Mobile Banking Security Risks and Consequences iovation2015
 
Mobile Payments
Mobile PaymentsMobile Payments
Mobile Payments
 
The History of Fintech Part II
The History of Fintech Part IIThe History of Fintech Part II
The History of Fintech Part II
 

Ähnlich wie Czech Banks are Under Attack, Clients Lose Money.

Mobile Security Strategies to Grow Your Business
Mobile Security Strategies to Grow Your BusinessMobile Security Strategies to Grow Your Business
Mobile Security Strategies to Grow Your Business
Easy Solutions Inc
 
Are Mobile Banking Apps Safe?
Are Mobile Banking Apps Safe?Are Mobile Banking Apps Safe?
Are Mobile Banking Apps Safe?
VISTA InfoSec
 
Anti-Fraud Datasheet
Anti-Fraud DatasheetAnti-Fraud Datasheet
Anti-Fraud Datasheet
Mani Rai
 

Ähnlich wie Czech Banks are Under Attack, Clients Lose Money. (20)

Securing 3-Mode Mobile Banking
Securing 3-Mode Mobile BankingSecuring 3-Mode Mobile Banking
Securing 3-Mode Mobile Banking
 
E banking & security concern
E banking & security concernE banking & security concern
E banking & security concern
 
Mobile Security Strategies to Grow Your Business
Mobile Security Strategies to Grow Your BusinessMobile Security Strategies to Grow Your Business
Mobile Security Strategies to Grow Your Business
 
MobileMiner and NervousNet
MobileMiner and NervousNetMobileMiner and NervousNet
MobileMiner and NervousNet
 
Banks and cybersecurity v2
Banks and cybersecurity v2Banks and cybersecurity v2
Banks and cybersecurity v2
 
Banks and cybersecurity v2
Banks and cybersecurity v2Banks and cybersecurity v2
Banks and cybersecurity v2
 
Mobile banking issues in banking and insurance
Mobile banking issues in banking and insuranceMobile banking issues in banking and insurance
Mobile banking issues in banking and insurance
 
Cybercrime
CybercrimeCybercrime
Cybercrime
 
Unit-3.pptx
Unit-3.pptxUnit-3.pptx
Unit-3.pptx
 
Countering mobile malware in CSP’s network. Android honeypot as anti-fraud so...
Countering mobile malware in CSP’s network. Android honeypot as anti-fraud so...Countering mobile malware in CSP’s network. Android honeypot as anti-fraud so...
Countering mobile malware in CSP’s network. Android honeypot as anti-fraud so...
 
Are Mobile Banking Apps Safe?
Are Mobile Banking Apps Safe?Are Mobile Banking Apps Safe?
Are Mobile Banking Apps Safe?
 
OWASP Ukraine Thomas George presentation
OWASP Ukraine Thomas George presentationOWASP Ukraine Thomas George presentation
OWASP Ukraine Thomas George presentation
 
Ssp fraud risk vulnerablity in ebanking
Ssp fraud risk vulnerablity in ebanking Ssp fraud risk vulnerablity in ebanking
Ssp fraud risk vulnerablity in ebanking
 
ID cuffs: Hackers targeting international travelers
ID cuffs: Hackers targeting international travelersID cuffs: Hackers targeting international travelers
ID cuffs: Hackers targeting international travelers
 
Forensic And Cloud Computing
Forensic And Cloud ComputingForensic And Cloud Computing
Forensic And Cloud Computing
 
SmartDevCon - Katowice - 2013
SmartDevCon - Katowice - 2013SmartDevCon - Katowice - 2013
SmartDevCon - Katowice - 2013
 
Hackers
HackersHackers
Hackers
 
Anti-Fraud Datasheet
Anti-Fraud DatasheetAnti-Fraud Datasheet
Anti-Fraud Datasheet
 
PoS Malware and Other Threats to the Retail Industry
PoS Malware and Other Threats to the Retail IndustryPoS Malware and Other Threats to the Retail Industry
PoS Malware and Other Threats to the Retail Industry
 
ransome_case solved.pptx
ransome_case solved.pptxransome_case solved.pptx
ransome_case solved.pptx
 

Mehr von Petr Dvorak

Mehr von Petr Dvorak (20)

mDevCamp 2016 - Zingly, or how to design multi-banking app
mDevCamp 2016 - Zingly, or how to design multi-banking appmDevCamp 2016 - Zingly, or how to design multi-banking app
mDevCamp 2016 - Zingly, or how to design multi-banking app
 
Jak vypadá ideální bankovní API?
Jak vypadá ideální bankovní API? Jak vypadá ideální bankovní API?
Jak vypadá ideální bankovní API?
 
Smart Cards and Devices Forum 2016 - Bezpečnost multi-banking mobilních aplikací
Smart Cards and Devices Forum 2016 - Bezpečnost multi-banking mobilních aplikacíSmart Cards and Devices Forum 2016 - Bezpečnost multi-banking mobilních aplikací
Smart Cards and Devices Forum 2016 - Bezpečnost multi-banking mobilních aplikací
 
Bankovní API ve světě
Bankovní API ve světěBankovní API ve světě
Bankovní API ve světě
 
PSD2 a bankovní API: Top 5 mýtů, které dnes slyšíte
PSD2 a bankovní API: Top 5 mýtů, které dnes slyšítePSD2 a bankovní API: Top 5 mýtů, které dnes slyšíte
PSD2 a bankovní API: Top 5 mýtů, které dnes slyšíte
 
Představení Zingly API Serveru a popis integrace
Představení Zingly API Serveru a popis integracePředstavení Zingly API Serveru a popis integrace
Představení Zingly API Serveru a popis integrace
 
Lime - PowerAuth 2.0 and mobile QRToken introduction
Lime - PowerAuth 2.0 and mobile QRToken introductionLime - PowerAuth 2.0 and mobile QRToken introduction
Lime - PowerAuth 2.0 and mobile QRToken introduction
 
Lime - Push notifications. The big way.
Lime - Push notifications. The big way.Lime - Push notifications. The big way.
Lime - Push notifications. The big way.
 
Zingly - Dopad multi-bankingu a otevřených bankovních API do obchodního fungo...
Zingly - Dopad multi-bankingu a otevřených bankovních API do obchodního fungo...Zingly - Dopad multi-bankingu a otevřených bankovních API do obchodního fungo...
Zingly - Dopad multi-bankingu a otevřených bankovních API do obchodního fungo...
 
Co musí banka udělat pro zapojení do Zingly?
Co musí banka udělat pro zapojení do Zingly?Co musí banka udělat pro zapojení do Zingly?
Co musí banka udělat pro zapojení do Zingly?
 
Bezpečnost Zingly a detaily protokolu PowerAuth 2.0
Bezpečnost Zingly a detaily protokolu PowerAuth 2.0Bezpečnost Zingly a detaily protokolu PowerAuth 2.0
Bezpečnost Zingly a detaily protokolu PowerAuth 2.0
 
Zingly - Single app for all banks
Zingly - Single app for all banksZingly - Single app for all banks
Zingly - Single app for all banks
 
Fashiontech 2015 - iBeacon: Co to je a k čemu je to dobré?
Fashiontech 2015 - iBeacon: Co to je a k čemu je to dobré?Fashiontech 2015 - iBeacon: Co to je a k čemu je to dobré?
Fashiontech 2015 - iBeacon: Co to je a k čemu je to dobré?
 
Webinář: Co je to iBeacon a proč by vás to mělo zajímat?
Webinář: Co je to iBeacon a proč by vás to mělo zajímat?Webinář: Co je to iBeacon a proč by vás to mělo zajímat?
Webinář: Co je to iBeacon a proč by vás to mělo zajímat?
 
Chytré telefony v ČR - H1/2015
Chytré telefony v ČR - H1/2015Chytré telefony v ČR - H1/2015
Chytré telefony v ČR - H1/2015
 
What are "virtual beacons"?
What are "virtual beacons"?What are "virtual beacons"?
What are "virtual beacons"?
 
mDevCamp 2015 - iBeacon aneb jak ochytřit vaše aplikace o kontext uživatele
mDevCamp 2015 - iBeacon aneb jak ochytřit vaše aplikace o kontext uživatelemDevCamp 2015 - iBeacon aneb jak ochytřit vaše aplikace o kontext uživatele
mDevCamp 2015 - iBeacon aneb jak ochytřit vaše aplikace o kontext uživatele
 
iCON DEV - iBeacon, aneb jak ochytřit vaše aplikace o kontext uživatele
iCON DEV - iBeacon, aneb jak ochytřit vaše aplikace o kontext uživateleiCON DEV - iBeacon, aneb jak ochytřit vaše aplikace o kontext uživatele
iCON DEV - iBeacon, aneb jak ochytřit vaše aplikace o kontext uživatele
 
Lime - Brand Guidelines
Lime - Brand GuidelinesLime - Brand Guidelines
Lime - Brand Guidelines
 
Internet of Things as a Leading Trend for 2015 - Examples for Personal Use
Internet of Things as a Leading Trend for 2015 - Examples for Personal UseInternet of Things as a Leading Trend for 2015 - Examples for Personal Use
Internet of Things as a Leading Trend for 2015 - Examples for Personal Use
 

Kürzlich hochgeladen

VIP Independent Call Girls in Bandra West 🌹 9920725232 ( Call Me ) Mumbai Esc...
VIP Independent Call Girls in Bandra West 🌹 9920725232 ( Call Me ) Mumbai Esc...VIP Independent Call Girls in Bandra West 🌹 9920725232 ( Call Me ) Mumbai Esc...
VIP Independent Call Girls in Bandra West 🌹 9920725232 ( Call Me ) Mumbai Esc...
dipikadinghjn ( Why You Choose Us? ) Escorts
 
Vasai-Virar Fantastic Call Girls-9833754194-Call Girls MUmbai
Vasai-Virar Fantastic Call Girls-9833754194-Call Girls MUmbaiVasai-Virar Fantastic Call Girls-9833754194-Call Girls MUmbai
Vasai-Virar Fantastic Call Girls-9833754194-Call Girls MUmbai
priyasharma62062
 
Top Rated Pune Call Girls Sinhagad Road ⟟ 6297143586 ⟟ Call Me For Genuine S...
Top Rated Pune Call Girls Sinhagad Road ⟟ 6297143586 ⟟ Call Me For Genuine S...Top Rated Pune Call Girls Sinhagad Road ⟟ 6297143586 ⟟ Call Me For Genuine S...
Top Rated Pune Call Girls Sinhagad Road ⟟ 6297143586 ⟟ Call Me For Genuine S...
Call Girls in Nagpur High Profile
 
VIP Call Girl in Mumbai 💧 9920725232 ( Call Me ) Get A New Crush Everyday Wit...
VIP Call Girl in Mumbai 💧 9920725232 ( Call Me ) Get A New Crush Everyday Wit...VIP Call Girl in Mumbai 💧 9920725232 ( Call Me ) Get A New Crush Everyday Wit...
VIP Call Girl in Mumbai 💧 9920725232 ( Call Me ) Get A New Crush Everyday Wit...
dipikadinghjn ( Why You Choose Us? ) Escorts
 
( Jasmin ) Top VIP Escorts Service Dindigul 💧 7737669865 💧 by Dindigul Call G...
( Jasmin ) Top VIP Escorts Service Dindigul 💧 7737669865 💧 by Dindigul Call G...( Jasmin ) Top VIP Escorts Service Dindigul 💧 7737669865 💧 by Dindigul Call G...
( Jasmin ) Top VIP Escorts Service Dindigul 💧 7737669865 💧 by Dindigul Call G...
dipikadinghjn ( Why You Choose Us? ) Escorts
 
Booking open Available Pune Call Girls Wadgaon Sheri 6297143586 Call Hot Ind...
Booking open Available Pune Call Girls Wadgaon Sheri 6297143586 Call Hot Ind...Booking open Available Pune Call Girls Wadgaon Sheri 6297143586 Call Hot Ind...
Booking open Available Pune Call Girls Wadgaon Sheri 6297143586 Call Hot Ind...
Call Girls in Nagpur High Profile
 
From Luxury Escort Service Kamathipura : 9352852248 Make on-demand Arrangemen...
From Luxury Escort Service Kamathipura : 9352852248 Make on-demand Arrangemen...From Luxury Escort Service Kamathipura : 9352852248 Make on-demand Arrangemen...
From Luxury Escort Service Kamathipura : 9352852248 Make on-demand Arrangemen...
From Luxury Escort : 9352852248 Make on-demand Arrangements Near yOU
 
Top Rated Pune Call Girls Viman Nagar ⟟ 6297143586 ⟟ Call Me For Genuine Sex...
Top Rated Pune Call Girls Viman Nagar ⟟ 6297143586 ⟟ Call Me For Genuine Sex...Top Rated Pune Call Girls Viman Nagar ⟟ 6297143586 ⟟ Call Me For Genuine Sex...
Top Rated Pune Call Girls Viman Nagar ⟟ 6297143586 ⟟ Call Me For Genuine Sex...
Call Girls in Nagpur High Profile
 
Call Girls in New Friends Colony Delhi 💯 Call Us 🔝9205541914 🔝( Delhi) Escort...
Call Girls in New Friends Colony Delhi 💯 Call Us 🔝9205541914 🔝( Delhi) Escort...Call Girls in New Friends Colony Delhi 💯 Call Us 🔝9205541914 🔝( Delhi) Escort...
Call Girls in New Friends Colony Delhi 💯 Call Us 🔝9205541914 🔝( Delhi) Escort...
Delhi Call girls
 
WhatsApp 📞 Call : 9892124323 ✅Call Girls In Chembur ( Mumbai ) secure service
WhatsApp 📞 Call : 9892124323 ✅Call Girls In Chembur ( Mumbai ) secure serviceWhatsApp 📞 Call : 9892124323 ✅Call Girls In Chembur ( Mumbai ) secure service
WhatsApp 📞 Call : 9892124323 ✅Call Girls In Chembur ( Mumbai ) secure service
Pooja Nehwal
 

Kürzlich hochgeladen (20)

VIP Independent Call Girls in Bandra West 🌹 9920725232 ( Call Me ) Mumbai Esc...
VIP Independent Call Girls in Bandra West 🌹 9920725232 ( Call Me ) Mumbai Esc...VIP Independent Call Girls in Bandra West 🌹 9920725232 ( Call Me ) Mumbai Esc...
VIP Independent Call Girls in Bandra West 🌹 9920725232 ( Call Me ) Mumbai Esc...
 
The Economic History of the U.S. Lecture 25.pdf
The Economic History of the U.S. Lecture 25.pdfThe Economic History of the U.S. Lecture 25.pdf
The Economic History of the U.S. Lecture 25.pdf
 
Vasai-Virar Fantastic Call Girls-9833754194-Call Girls MUmbai
Vasai-Virar Fantastic Call Girls-9833754194-Call Girls MUmbaiVasai-Virar Fantastic Call Girls-9833754194-Call Girls MUmbai
Vasai-Virar Fantastic Call Girls-9833754194-Call Girls MUmbai
 
Mira Road Awesome 100% Independent Call Girls NUmber-9833754194-Dahisar Inter...
Mira Road Awesome 100% Independent Call Girls NUmber-9833754194-Dahisar Inter...Mira Road Awesome 100% Independent Call Girls NUmber-9833754194-Dahisar Inter...
Mira Road Awesome 100% Independent Call Girls NUmber-9833754194-Dahisar Inter...
 
TEST BANK For Corporate Finance, 13th Edition By Stephen Ross, Randolph Weste...
TEST BANK For Corporate Finance, 13th Edition By Stephen Ross, Randolph Weste...TEST BANK For Corporate Finance, 13th Edition By Stephen Ross, Randolph Weste...
TEST BANK For Corporate Finance, 13th Edition By Stephen Ross, Randolph Weste...
 
Top Rated Pune Call Girls Sinhagad Road ⟟ 6297143586 ⟟ Call Me For Genuine S...
Top Rated Pune Call Girls Sinhagad Road ⟟ 6297143586 ⟟ Call Me For Genuine S...Top Rated Pune Call Girls Sinhagad Road ⟟ 6297143586 ⟟ Call Me For Genuine S...
Top Rated Pune Call Girls Sinhagad Road ⟟ 6297143586 ⟟ Call Me For Genuine S...
 
VIP Call Girl in Mumbai 💧 9920725232 ( Call Me ) Get A New Crush Everyday Wit...
VIP Call Girl in Mumbai 💧 9920725232 ( Call Me ) Get A New Crush Everyday Wit...VIP Call Girl in Mumbai 💧 9920725232 ( Call Me ) Get A New Crush Everyday Wit...
VIP Call Girl in Mumbai 💧 9920725232 ( Call Me ) Get A New Crush Everyday Wit...
 
( Jasmin ) Top VIP Escorts Service Dindigul 💧 7737669865 💧 by Dindigul Call G...
( Jasmin ) Top VIP Escorts Service Dindigul 💧 7737669865 💧 by Dindigul Call G...( Jasmin ) Top VIP Escorts Service Dindigul 💧 7737669865 💧 by Dindigul Call G...
( Jasmin ) Top VIP Escorts Service Dindigul 💧 7737669865 💧 by Dindigul Call G...
 
The Economic History of the U.S. Lecture 30.pdf
The Economic History of the U.S. Lecture 30.pdfThe Economic History of the U.S. Lecture 30.pdf
The Economic History of the U.S. Lecture 30.pdf
 
03_Emmanuel Ndiaye_Degroof Petercam.pptx
03_Emmanuel Ndiaye_Degroof Petercam.pptx03_Emmanuel Ndiaye_Degroof Petercam.pptx
03_Emmanuel Ndiaye_Degroof Petercam.pptx
 
Booking open Available Pune Call Girls Wadgaon Sheri 6297143586 Call Hot Ind...
Booking open Available Pune Call Girls Wadgaon Sheri 6297143586 Call Hot Ind...Booking open Available Pune Call Girls Wadgaon Sheri 6297143586 Call Hot Ind...
Booking open Available Pune Call Girls Wadgaon Sheri 6297143586 Call Hot Ind...
 
From Luxury Escort Service Kamathipura : 9352852248 Make on-demand Arrangemen...
From Luxury Escort Service Kamathipura : 9352852248 Make on-demand Arrangemen...From Luxury Escort Service Kamathipura : 9352852248 Make on-demand Arrangemen...
From Luxury Escort Service Kamathipura : 9352852248 Make on-demand Arrangemen...
 
The Economic History of the U.S. Lecture 18.pdf
The Economic History of the U.S. Lecture 18.pdfThe Economic History of the U.S. Lecture 18.pdf
The Economic History of the U.S. Lecture 18.pdf
 
Solution Manual for Financial Accounting, 11th Edition by Robert Libby, Patri...
Solution Manual for Financial Accounting, 11th Edition by Robert Libby, Patri...Solution Manual for Financial Accounting, 11th Edition by Robert Libby, Patri...
Solution Manual for Financial Accounting, 11th Edition by Robert Libby, Patri...
 
Top Rated Pune Call Girls Viman Nagar ⟟ 6297143586 ⟟ Call Me For Genuine Sex...
Top Rated Pune Call Girls Viman Nagar ⟟ 6297143586 ⟟ Call Me For Genuine Sex...Top Rated Pune Call Girls Viman Nagar ⟟ 6297143586 ⟟ Call Me For Genuine Sex...
Top Rated Pune Call Girls Viman Nagar ⟟ 6297143586 ⟟ Call Me For Genuine Sex...
 
Call Girls in New Friends Colony Delhi 💯 Call Us 🔝9205541914 🔝( Delhi) Escort...
Call Girls in New Friends Colony Delhi 💯 Call Us 🔝9205541914 🔝( Delhi) Escort...Call Girls in New Friends Colony Delhi 💯 Call Us 🔝9205541914 🔝( Delhi) Escort...
Call Girls in New Friends Colony Delhi 💯 Call Us 🔝9205541914 🔝( Delhi) Escort...
 
05_Annelore Lenoir_Docbyte_MeetupDora&Cybersecurity.pptx
05_Annelore Lenoir_Docbyte_MeetupDora&Cybersecurity.pptx05_Annelore Lenoir_Docbyte_MeetupDora&Cybersecurity.pptx
05_Annelore Lenoir_Docbyte_MeetupDora&Cybersecurity.pptx
 
WhatsApp 📞 Call : 9892124323 ✅Call Girls In Chembur ( Mumbai ) secure service
WhatsApp 📞 Call : 9892124323 ✅Call Girls In Chembur ( Mumbai ) secure serviceWhatsApp 📞 Call : 9892124323 ✅Call Girls In Chembur ( Mumbai ) secure service
WhatsApp 📞 Call : 9892124323 ✅Call Girls In Chembur ( Mumbai ) secure service
 
The Economic History of the U.S. Lecture 26.pdf
The Economic History of the U.S. Lecture 26.pdfThe Economic History of the U.S. Lecture 26.pdf
The Economic History of the U.S. Lecture 26.pdf
 
The Economic History of the U.S. Lecture 19.pdf
The Economic History of the U.S. Lecture 19.pdfThe Economic History of the U.S. Lecture 19.pdf
The Economic History of the U.S. Lecture 19.pdf
 

Czech Banks are Under Attack, Clients Lose Money.

  • 1. What happened with the QRecorder malware?
 Czech Banks are Under Attack, Clients Lose Money. petr@wultra.com
  • 2. "Today, the mobile malware threat got very real.
  • 3. What happened? • Several clients of the Czech banks reported losing money from their bank accounts. • In total, "high tens of thousands" of US dollars were lost. • About 10 000 user might be affected by the malware. • The users had their Android smartphone infected with mobile malware, Eset was the first to report it. • The police are currently investigating the incident.
  • 4. Which banks were affected? Affected Not Known to be Affected
  • 5. More info about the malware • QRecorder: A repackaged app for a phone call recording. • Distributed via Google Play, which is a regular channel. • Activated via a remote update in the right moment. Internally, the "Spy.Banker.AIX" malware core was used. • Tailor-made for specific banks. It was able to bypass the additional security measures designed by the banks.
  • 6.
  • 7. What was the principle of this attack? • The attack was in principle a clever "overlay attack." • The malware was placing an overlay over the regular banking app. It requested sensitive information from the user, pretending a regular mobile app is requesting the info. • After gathering a sufficient amount of the private information, it intercepted SMS OTP sent via bank and took full control over the bank account.
  • 8. What can banks do? • Invest in App Shielding / RASP technologies to protect their mobile banking apps from overlay attacks and other sophisticated runtime attacks. Learn more → • Be ready and respond fast in the case a similar threat emerges again. • Educate customers, though it would not help in this case, the customers did everything right.
  • 9. What can app users do? • Uninstall the QReader app, in case they have it on their smartphone! • Install a mobile anti-virus solution. Learn more → • Be alert to changes of behavior of their mobile banking app. • Never enter any credentials intended for the Internet banking into the mobile banking app or any other system than the Internet banking.
  • 12. Media Coverage (CZ) • https://www.eset.com/cz/o-nas/pro-novinare/tiskove-zpravy/eset-varuje-pred-nebezpecnou-aplikaci- qrecorder-cili-na-ceske-uzivatele-a-jejich-internetove-bankov/ • https://www.lidovky.cz/byznys/firmy-a-trhy/princip-ktery-vyuziva-skodliva-aplikace-qrecorder-neni- zadnou-novinkou-rika-miroslav-dvorak-z-esetu.A180925_115417_firmy-trhy_pkk • http://www.blesk.cz/clanek/digital-mobily/566831/penize-desetitisicu-cechu-ohrozuje-nebezpecny-virus- na-pozoru-by-meli-byt-uzivatele-androidu.html • https://mobil.idnes.cz/nahravac-hovoru-qrecorder-muze-byt-zavirovany-fr0-/mob_tech.aspx? c=A180925_105023_mob_tech_jm • https://www.chip.cz/novinky/pozor-na-aplikaci-qrecorder/
  • 13. Media Coverage (CZ) • https://www.zive.cz/clanky/pozor-aplikace-qrecorder-pro-nahravani-hovoru-krade-hesla-k-bankovnictvi/ sc-3-a-195222/default.aspx • https://www.novinky.cz/internet-a-pc/bezpecnost/484292-desitky-tisic-cechu-ohrozuje-nebezpecny- virus-napada-internetove-bankovnictvi.html • https://www.lupa.cz/aktuality/aplikace-qrecorder-z-google-play-je-nakazena-malwarem-cili-na-ceske- uzivatele/ • https://ct24.ceskatelevize.cz/ekonomika/2604389-na-internetove-bankovnictvi-miri-utok-pres-aplikaci- qrecorder-ohrozeny-jsou-mobily