it is as reported in malaysia newspaper in utusan malaysia on 25 september 2014
Malaysia Computer Emergency Response Team has published an advisories on this matters in their websites. mycert
here is summary of this
1.0 MyCERT had received several reports regarding a malware that targets Maybank2U and CIMB Clicks customers. Based on mycert initial analysis, they found this campaign uses the Zeus banking malware family as its Modus Operandi in this campaign.
Attacker will infect victim's computers with Zeus banker malware which will inject modified fake contents or page while a user is browsing a legitimate online banking website.
2.0 Affected Systems
The Trending now 2014 is attacking Smartphone using Android
3.0 Process Of Attack : ( This Happen when User Android Devices has been Infected with the Zeus Trojan/ Tracker )
3. 1 3. 2 3 .3 3.4
How Zeus Works ( Even at Android System)
3.1 The Bank's Official URL : User Access the legitimate url address for the online banking system
After Login : User will experience such below
3.2 Zeus Modifies the Page : The malware will inject a modified fake contents that looks like a real online banking website when user is browsing a legitimate online banking website, in which the content will request victim's smartphone operating system and mobile number. ( as attached )
Not Just Maybank2u it also could effect Cimbclicks or other platform of online banking. as long as your Gadget has been infected with Zeus Tracker / Trojan !!
the email address is actually not related to the user login, also the select phone operating system also just a phishing idea to cheat the user. attached here user that experienced with this malware
- when your login seem like this. close your browser and make sure to scan with any trusted antivirus.
if user proceed to follow as what they see, they will have a chance to lost their money !!
3.3 Authentication Attempt : The malware will SMS to the smartphone a malicious APK and infect the smart phone in order to establish callback with the attackers for further instructions.
The modified content will prompt user to choose their smartphone Operating System and provide their phone number as well. With the phone number information, attacker will send SMS containing link to a malicious APK known as Zitmo malware to the victim's smartphone, purportedly to be a an online banking verification certificate.
after this point, the Zeus malware can generates a fraudulent transaction on behalf of the user and authenticate it by intercepting the SMS verification message on the phone and forwarding it to the malware on the PC. The mobile Zeus variant then deletes the confirmation message from the user’s mobile device so the user will not see it and enters the code on the PC to complete the transaction
3.4 Data Transfereed to the C&C ( in a week user will experience money lost in their account !!! )
4.0 Technical Details
Attacker will infect victim's computer / laptop/ tab / smartphone with Zeus banker malware which will inject modified contents when users is browsing a legitimate online banking website.
Summary of the Attack Process
A user whose PC is infected and who tries to access a bank Web site triggers the Zeus malware, which “asks the user to download an authentication or security component onto their mobile device in order to complete the login process.” That security component, disguised as Trusteer’s Rapport product, but actually the Zeus mobile variant, gives fraudsters control of both the user’s PC and the user’s phone. At that point, the Zeus malware can generates a fraudulent transaction on behalf of the user and authenticate it by intercepting the SMS verification message on the phone and forwarding it to the malware on the PC. The mobile Zeus variant then deletes the confirmation message from the user’s mobile device so the user will not see it and enters the code on the PC to complete the transaction.