Editors. You need editors.
Miscreants have crafted a new attack designed to steal banking credentials and credit card information via phishing pages crafted to mimic Google Play’s payment interface. The so-called Xbot trojan also weaves its malicious spell by presenting victims with login pages of seven different banks’ apps, six of which relate to …
just to save you from having to read the source to get the only thing that matters at all, but is not apparently important enough for the author here it is:
"We are not clear how Xbot spreads in the wild [ed. stupid individuals]. However, using VirusTotal we found samples that were hosted on the below URLs over the past several months:
So you decide to ignore the security warning and allow apps to be loaded from untrusted sources, then you visit some dodgy Russian web sites , next you decide to download and manuallly install said app onto your device, then prompted to logon to your bank account you do so... Only to find that you have unwittigly fallen victim of this despicable malware.. Truly Shocking!
Never underestimate the stupidity of the average user. I figure that they could pull off this ruse by offering free money and requiring them to verify their bank account (similar to PayPal's bank account verification works by depositing a random amount of money into your account and you verify you own that account by typing in that value and a random number added into the transaction description which would show as POS/PAYPAL*12345678901)
Biting the hand that feeds IT © 1998–2019