Go to contents

New malicious code breaches double security system

Posted April. 16, 2014 00:08,   

한국어

The government has adopted a multiple authorization process for transactions transferring over 1 million won in order to prevent financial fraud in electronic banking. However, an “intelligent malicious code” that exploits this system and attacks personal computers and smartphones at the same time has been detected.

The Korea Internet and Security Agency announced on Tuesday that a new malicious code that combines “Pharming,” hacking into the Internet banking on a personal computer, and “Qshing,” stealing data from smartphones, was found. The new code infects a personal computer first. On an infected computer, a user is directed to a fake banking site even if he or she enters a correct website address and ordered to enter a QR code for a two-channel authorization process. Once the user logs in the QR code on a smartphone, the smartphone is also infected with the malicious code. After the infection, hackers can freely manipulate the smartphone, such as stealing phone numbers and text messages.

Park Sang-hwan, a manager of the Code Analysis Team at KISA, said, “If (the site) requires an abnormal level of information, including all numbers on a security card, and suggests installing an additional program on a smartphone through a QR code or other measures, you should suspect (the authenticity of the site).”