Two social media-triggered spyware viruses — ‘virtual girlfriend’ and ‘panda banker’ — have crept into the Indian cyberspace and can steal a user’s banking details and secret data once activated unknowingly, a cyber security advisory has said.
The more notorious one is the personal data-stealing virus ‘virtual girlfriend’ that “infects” a user’s Android-based smartphone via the popular social media site Twitter.
“There have been reports of a new Android malware family which is being spread disguised as an adult game known as virtual girlfriend through Twitter,” the Computer Emergency Response Team of India (CERT-In) said in its latest advisory.
“This malware has the capability to steal the user’s data on to the C2 server (command and control server used by the virus),” it said.
CERT-In is the nodal agency to combat hacking and phishing and to fortify security-related defences of the Indian internet domain.
The advisory said that the “primary source of this malware is Twitter” and there are multiple handles (possibly bots) on this micro-blogging site that “have been sharing” the short link to this malware to entice users into installing it on their devices.
“The short link leads to the website hxxp://miakhalifagame[.]com/,” it said.
The agency said the malware cons the user by flashing a message that it is being uninstalled; instead, it “hides” its icon from the app (application) drawer and continues to run silently in the background.
It then steals the Android phone user’s mobile number, account details, installed app list, contacts and SMSes, the advisory said.
Once the classified information is compromised, the person becomes more vulnerable to cyber frauds that may lead to the user’s money being robbed and personal details such as photos and message content being compromised, a cyber security expert said.
Similarly, the other spyware that has been noticed on the Internet is the ‘panda banker’, a spin-off of the Zeus banking trojan malware (a prominent hacking virus). “It leverages man-in-the-browser or web inject attack techniques to steal user’s banking credentials,” the advisory said.
The malware, it said, generally spreads via unscrupulous attachments or via exploit kits (malicious snooping virus programmes) such as “Angler”, “Nuclear” and “Neutrino”.