Welcome to the VB2021 conference!

arrow left Back

The ‘ghost hand’ attack

Fabio Marenghi (Kaspersky) & Fabio Assolini (Kaspersky)
The Covid-19 pandemic has changed many things. For example, businesses, including the way we do banking, buy and pay for groceries and other goods. Mobile banking and m-commerce are booming worldwide, stimulating tap-to-pay, real-time money transfers, and 'express shop', making contactless transactions a new thing that has come to stay. But it's not only about business; we all have had to adjust. Unfortunately, cybercriminals too!

Looking closely at one specific country, 2020 was remarkable: people registered 103 billion financial transactions made by 220 million mobile devices, with 51% of all money nationwide going through smartphones. A new payment system registered 92 million active users, connecting 169 million bank accounts, allowing 441 million real-time money transferring transactions in a short period of four months. This incredible flow of 'mobile-money' turned into a golden opportunity for cybercrime.

In this presentation, we'll show how crooks use this window of opportunity to infect many smartphones, successfully porting into mobile platforms an old but now revived threat: RATs. As a 'ghost hand', these threats allow crooks to carry out a total remote intrusion on infected devices, opening installed financial apps, carrying out silent transactions. Fingerprinting, facial recognition authentication, and many other security measures are useless against them. All in sight of your eyes.

Ghimob, TwMobo, and BRata are here to stay and ready to expand worldwide, stealing your 'mobile money'. Is the security industry prepared to stop them?
Fabio Marenghi
Kaspersky

Fabio Marenghi is Senior Security Researcher at GReAT, the Global Research and Analysis Team of Kaspersky, focused on investigation of cybercrime with financial motivations, with large experience in the banking sector. In the past he has worked with Diebold and other software companies. He is based in Brazil.

Fabio Assolini
Kaspersky

Fabio Assolini joined Kaspersky’s Global Research and Analysis Team (GReAT) in July 2009 to primarily focus on one of the most dynamic countries in Latin America: Brazil. Fabio’s responsibilities include the analysis of virus, cyber attacks, banking trojans and other types of malware that originate from Brazil and the rest of the region. He particularly focuses on the research and detection of banking trojans. In November 2012, he was promoted to Senior Security Researcher. Since 2006, Fabio has been a voluntary member of the security community Linha Defensiva (Defensive Line), a non-government organization. In addition, he is a member of the Alliance of Security Analysis Professionals (ASAP), a network of NGOs, professionals and individuals dedicated to providing security related support to end users. Fabio has more than ten years of experience as a malware analyst and possesses a university degree in computer science.