wpid-sdfp-zeus.jpg

As you may realize, there’s malware called Zeus banking malware that’s targeting Malaysian banking customers.

I notice there are some misunderstandings on the internet. One of the misunderstandings is that the CIMB app is not safe. Which is absolutely not true.

As a result, I thought I should explain how the malware works and how to stop it.

Here’s a simplified version of how it works[1],

1.The user’s computer is infected with Zeus banker malware. The malware is used to inject modified contents when users is browsing a legitimate online banking website.

2.The modified content will prompt user to choose their smartphone Operating System and provide their phone number as well. With the information, attacker will send SMS containing link to a malicious APK known as Zitmo malware to the victim’s smartphone, purportedly to be a an online banking verification certificate.

3.Once the app in installed, attacker now can login to victim’s online banking account using the stolen credentials and perform online transaction successfully by using intercepted (by the malware app) TAC number.

image

As you can see the source of the problem is not the CIMB app.

It is the user’s computer that is infected with malware. Also, user trusted APK sent by email or directly downloaded from sources other than the official Google Play Store (this is called sideloading).

Apps that are available on Google Play Store are scanned for malicious intents and activities. But individual APKs sent by unknown party may contain malware.

Measures you can take to prevent it,

1.(THIS IS MOST IMPORTANT) Don’t turn on Unknown Sources option in settings. This option is off by default. It is off to prevent sideload.

2.Only install apps from Google Play Store. Don’t install app from email or direct downloaded apk.
Don’t trust any emails, SMSs and websites that’s asking for private information. Always contact the bank to be sure.

3.Make sure the bank website url is correct. For CIMB: http://www.cimbclicks.com.my/.

4.For Maybank: http://www.maybank2u.com.my/

5.Don’t root your phone.

The CIMB app on Android is absolutely secured. We follow Android guidelines and best practices to make sure of it. We never store sensitive data on your phone. All sensitive data are encrypted before sending to server.

Also, the Android security model is based on Linux, which is very secured. All apps are sandboxed to prevent apps accessing other apps while they are running[2].

Furthermore, Google Play Store is actively scanning and removing malware apps.

References:
http://www.mycert.org.my/en/services/advisories/mycert/2014/main/detail/1002/index.html
https://source.android.com/devices/tech/security/

Say Hi! Send us your message!