Users are required to pay special attention to password-free Wi-Fi access, since their smartphones can be infected with mobile malware.
According to the Korea Internet & Security Agency (KISA) and the security industry on June 9, a piece of malicious code called the Smart Touch Virus is rapidly spreading. The virus in question tricks people into installing a fake financial app by changing the Domain Name System (DNS) that enables Internet access on a smartphone or tablet PC. Then, it steals the personal information from the device and tries to take out of money.
Park Jung-hwan, an official at KISA, remarked, “We started to analyze the malicious code based on a report by a company specializing in the Smart Touch Virus. We already blocked major sources that spread the virus.” However, the number of infected devices is rapidly increasing, since hackers are constantly changing the addresses that spread the virus via wireless routers.
This attack involves stealing information stored inside a device that accesses a wireless router and trapping people into installing a malicious app, using the vulnerabilities of the wireless router. When people get access to the Internet via a wireless router infected with malicious code using their smartphone, they are automatically led to a fake website fabricated by hackers by altering DNS when they try access a normal website like Naver or Daum.
The main page of the fake web site is very similar to that of Naver or Daum, and thus it is not easy to distinguish between the real and fake one. When people access the fake website, a message pops up, which says, “The latest version of Smart Touch has been released. Please use our service after the update.” Once this update is installed, a malicious app such as a bogus bank app is installed on the smartphone. The mobile malware app steals users' financial information and tries to commit cyber fraud by stealing money. In addition, the app steals the names in the address book stored on the smartphone, and sends a smishing text message that tries to convince people to install a related app.
Park stressed, “The malignant code appears even as a variant app that detours the process of deletion and treatment through a form of vaccine. So, users should not install an app through only URL or an update message.”