"Furry it off".... ah these bald (furry/bald) russian hackers!
Are they now using virtual weasels to carry their loot across borders... :-)
Attackers suspected of residing in Russia are raiding Swiss bank accounts with a multi-faceted attack that intercepts SMS tokens and changes domain name system settings, researchers have warned. The attacks sported a clever implementation of malware that pointed victim machines to replica phishing bank sites when they attempt …
I got a buffer overrun when I read that.
Clearly you have been coded before the advent of high-level languages and the wide dissemination of security-conscious coding techniques.
The doctor recommends that you better not frequent malword-ridden lowbrow sites like El Reg.
This implies that that the victim is stupid enought to follow the click bait, that the victim has an Android telephone, that the victim is stupid enough to also install an App from an unknown source.
In Switzerland the main banks DO NOT send you emails and people know this and also they do not mention in the article that there is usally another factor of authentication required , the little calculator+card = code or the code grid. ( Or at least with the UBS, BCGE and CA there is).
"Emmental" after the delicious and hole-ridden Swiss cheese.®
Emmental is the rubbery tasteless cheese that non cheese-lovers drone on about.. Gruyere on the hand other has taste...
How do you manage to only mention Android in relation to malware that only runs on Microsoft Windows. It would be relevent if the malware was somehow able to infect Android smartphones without the banking customer being aware if this.
"does not help that the banks whose customers are targeted by this attack do not officially support Android apps" ref
Two-factor authentication is a solid security method, but the techniques vary quite a bit. The OTP exploited by the Retefe trojan is obviously flawed because the hackers have redirected the OTP to themselves. An interactive second factor to authenticate the actual person POST-LOGIN like a voice biometric or fingerprint would have stopped some of the account hijacks. A phone call over the voice channel of the mobile phone repeating the actual transaction details, like “To send $3,000 to an account ending in xxx123 do this… to cancel do that” would catch the end users attention if they were sending $30 to the electric company.
This is the classic problem with Android, you can't trust the apps you download. Don't downlaod apps off random sites and if a bank tells you to at the very leas google it first to find out if other people are asking "why do i need to download this?" The final step should be to scan any app on or off GooglePlay with a multi scanner like VT or Metascan Online