Welcome to the VB2021 conference!

The ‘ghost hand’ attack

Fabio Marenghi (Kaspersky) & Fabio Assolini (Kaspersky)
partner message

Looking for performance validation for your product?

https://www.virusbulletin.com/testing/

Get an edge over your competitors with Virus Bulletin’s anti-malware & email security certification

programmes, supported by 30+ years of experience. Or take advantage of our bespoke testing service

offering valuable performance feedback for R&D. Email [email protected]

partner message

We don’t just talk about sharing. We do it every day.

https://www.cyberthreatalliance.org/about-cta

Learn how to collaborate with the Cyber Threat Alliance to improve your overall cyber resilience.

We are a greater team when we work together; our collective efforts magnifies our success and

ensures that we are and remain cyber resilient.

partner message

Farsight Security DNSDB® is the world's largest real-time and historical database of DNS resolutions

https://www.farsightsecurity.com/get-started-guide/

DNSDB 2.0 introduces Flexible Search support, unlocking both Regular Expressions and Globbing syntaxes for more granular and accurate search results. Get your free DNSDB API key and use it in our newly updated

web GUI, DNSDB Scout as well as your own existing environments. Contextualize everything that is DNS related with one API key - DNSDB.

partner message

Calling all Hackers!

https://www.ise.io/careers/#op-470256-hacker-midseniorprincipal

We are hiring mid-senior-principal level hackers!

Remote option • Flex schedule • Unlimited vacation • Opportunities for research and publication

partner message

QI-ANXIN Technology Group Inc. Leader of New Generation Cybersecurity

https://ti.qianxin.com/marketing/vb2021/

QI-ANXIN Technology Group Inc. offers next generation enterprise-class cybersecurity products

and services to government and businesses. QI-ANXIN is the Official Cyber Security Services and

Anti-Virus Software Sponsor of the Olympic and Paralympic Winter Games Beijing 2022.

partner message

Do you like doing work that matters to you… and really frustrates the bad guys?

https://talosintelligence.com/careers

At Talos, our mission is to make the internet a safer place and fight the good fight for our customers

and users. If you think you have the expertise and attitude to help lead the world in cutting-edge security,

we’d like to talk.

partner message

IoT security begins with your Smart TV

https://chomar.link/smarttv

CHOMAR Smart TV Security.

Protect your Android Smart TV against malicious activities and use your IoT devices without any worries.

partner message

F5 helps find malware hiding in plain sight

https://www.f5.com/company/blog/half-the-world-s-malware-is-now-encrypted

Encrypted malware is becoming increasingly common, and daisy-chaining security devices is neither

cost-effective, nor efficient. Detecting and stopping malware doesn’t have to be overwhelming with

F5’s innovative products.

partner message

VirusTotal: Actionable crowdsourced threat intelligence

https://www.virustotal.com/

Comprehensive context and cutting-edge functionality to proactively protect from cybersecurity threats.

partner message

Threat Intelligence and Cyber Resilience

https://vblocalhost.com/programme/#TIPS

Join the VB2021 Threat Intelligence Practitioners' Summit (TIPS), sponsored by the Cyber Threat Alliance,

and learn how investment in threat intelligence builds cyber resilience, allowing you to be more effective

when addressing today's dynamic threat landscape.

partner message

Stay ahead of threats with VirusTotal

https://www.virustotal.com/

Stay ahead of the next generation of threats and get relevant insights to solve

the most critical security challenges.

partner message

Ransomware prevention starts with zero

https://www.zscaler.com/solutions/security-transformation/ransomware-protection

Ransomware attacks are increasing 500% year-over-year.

Learn how Zscaler's Zero Trust Exchange helps minimize exposure, damage, and risk

at every stage of a ransomware attack.

partner message

Amazon Information Security - come build the future with us!

https://www.amazon.jobs/en-gb/team/infosec

Do you want to work on privacy and security challenges at unprecedented scale?

We have Privacy and Information Security opportunities available now across

the United States, Dublin, Ireland, and Sydney, Australia.

The Covid-19 pandemic has changed many things. For example, businesses, including the way we do banking, buy and pay for groceries and other goods. Mobile banking and m-commerce are booming worldwide, stimulating tap-to-pay, real-time money transfers, and 'express shop', making contactless transactions a new thing that has come to stay. But it's not only about business; we all have had to adjust. Unfortunately, cybercriminals too!

Looking closely at one specific country, 2020 was remarkable: people registered 103 billion financial transactions made by 220 million mobile devices, with 51% of all money nationwide going through smartphones. A new payment system registered 92 million active users, connecting 169 million bank accounts, allowing 441 million real-time money transferring transactions in a short period of four months. This incredible flow of 'mobile-money' turned into a golden opportunity for cybercrime.

In this presentation, we'll show how crooks use this window of opportunity to infect many smartphones, successfully porting into mobile platforms an old but now revived threat: RATs. As a 'ghost hand', these threats allow crooks to carry out a total remote intrusion on infected devices, opening installed financial apps, carrying out silent transactions. Fingerprinting, facial recognition authentication, and many other security measures are useless against them. All in sight of your eyes.

Ghimob, TwMobo, and BRata are here to stay and ready to expand worldwide, stealing your 'mobile money'. Is the security industry prepared to stop them?

Got a question about this presentation? To get in touch with the speakers, contact Fabio Assolini on Twitter at @Assolini.
Fabio Marenghi
Kaspersky

Fabio Marenghi is Senior Security Researcher at GReAT, the Global Research and Analysis Team of Kaspersky, focused on investigation of cybercrime with financial motivations, with large experience in the banking sector. In the past he has worked with Diebold and other software companies. He is based in Brazil.

Fabio Assolini
Kaspersky

Fabio Assolini joined Kaspersky’s Global Research and Analysis Team (GReAT) in July 2009 to primarily focus on one of the most dynamic countries in Latin America: Brazil. Fabio’s responsibilities include the analysis of virus, cyber attacks, banking trojans and other types of malware that originate from Brazil and the rest of the region. He particularly focuses on the research and detection of banking trojans. In November 2012, he was promoted to Senior Security Researcher. Since 2006, Fabio has been a voluntary member of the security community Linha Defensiva (Defensive Line), a non-government organization. In addition, he is a member of the Alliance of Security Analysis Professionals (ASAP), a network of NGOs, professionals and individuals dedicated to providing security related support to end users. Fabio has more than ten years of experience as a malware analyst and possesses a university degree in computer science.