Hebrew no shield from hackers, phony bank app shows

Neither language nor a legitimate-looking interface — or even use of an iPhone — can protect users from phishing attacks, say top security mavens

Map of the servers where data stolen by 'Remote Control System' is uploaded to (Photo credit: Kaspersky Lab)

Israelis are just as vulnerable as anyone else to hacking and data theft, and their right-to-left language won’t shield them, experts say, after discovering a Hebrew version of a dangerous phony bank app.

While a Hebrew interface is no guarantee of an app’s safety, said Israeli security expert Tal Pavel, seeing their native language is uncommon enough that it would probably lead Israelis to trust the app more. “It’s really a sophisticated form of ‘phishing,’ where hackers use a form of social engineering to steal data,” said Pavel.

In a phishing scam, said Pavel, an expert on Internet usage and crimes in the Middle East, “hackers search for a ‘weak link,’ matching a message with a potential victim, using threats, rewards, fear or other psychological tactics to get the victim to click on a link or open a document that will install a virus or trojan, giving them access to data.”

In this case, he said, the legitimate-looking Hebrew app that is almost indistinguishable from the real thing would be enough to prompt Mizrahi Bank customers to download the app and allow hackers free access to their data.

The phony app was spotted Tuesday by California-based security firm Lookout, which examines the Google Play store for suspicious-looking Android apps. According to Lookout’s Meghan Kelly, “the authors put a wrapper around the bank’s legitimate app and redistributed it on the Google Play store, pretending to be the financial institution. Once a victim opens the app, the malware loads the login form, which is an in-app HTML page that has been changed to siphon off the victim’s user IDs as they enter their credentials. It’s effectively a phishing attack.

“We alerted Google to the issue, which immediately removed the app,” she said.

One reason the app targeted Android devices and not iPhones is that Apple has much stronger regulations on what appears in the iOS App Store. While developers can freely upload apps into Google Play, Apple vets all apps through a rigorous testing process that, the company says, virtually guarantees that all apps downloaded onto iPhones and iPads will be virus- and malware-free.

However, research disclosed by Internet security firm Kaspersky Lab this week indicates that iPhones are just as vulnerable to hacking as Android devices. The company reported that it had discovered a new hack “that is part of a massive international infrastructure being used to control ‘Remote Control System’ (RCS) malware implants, with trojans that work with a spyware tool called Galileo made by the Italian company HackingTeam.”

HackingTeam supplies Galileo to police departments and security agencies around the world. They presumably use it to gain access to users’ phones and tablets. Unlike BankMirage and most other pieces of malware, said Kaspersky, the RCS modules don’t install themselves as apps; instead, they are uploaded to a device when it is synced with a computer. Among the tactics used by hackers to get the modules on the device were “local infections via USB cables while synchronizing mobile devices,” said Kaspersky.

“Although it had been known that HackingTeam’s mobile Trojans for iOS and Android existed, nobody had actually identified them before — or noticed them being used in attacks,” the company said, publishing a list of dozens of countries where servers that the malware connected to are located. Israel is not on that list, but that doesn’t mean Israelis are safe from this attack, said Danor Cohen of Avnet Security, an Israeli cyber-defense firm. “It’s impossible to know who is behind this, but one thing is clear — anyone connected to the Internet, Israelis included, is vulnerable to any hack perpetrated by anyone anywhere.”

With tools like Google Translate, and more sophisticated translation apps, faking Hebrew is relatively easy, Cohen warned. “In 99% of cases, there is no connection between countries, servers, victims, and even languages. Even Hebrew-language apps and e-mail phishing messages, which surreptitiously direct users to web sites that install malware on their devices when they click on a link, can be fabricated by hackers in any country, anywhere.”

The easiest and best way to avoid getting caught in these kinds of stings, according to Sergey Novikov, one of the top virus experts in Kaspersky Lab, is to install anti-virus software — and not to click on messages or links that seem suspicious.

He said security-aware behavior should be taught to all — professionals in the workplace, and even to kids. Embarking on a major educational program would help ensure that everyone is aware of the dangers in the cyber-world. “We should be teaching this to kids, even from the earliest grades,” Novikov said. “Just like people are taught that they need to wash their hands to prevent disease, they should also be taught how to maintain a cyber-defense as they engage with the Internet, for society’s sake, and their own.”
