Kasikornbank (Kbank) Issues A Trojan Warning To Users Of Smart Phones

[webfact]

Phuket: Trojan bug targets KBank accounts

PHUKET: -- Kasikornbank (KBank) has issued a warning to users of smart phones, particularly those running the Android system, that a “Trojan/spyware” program is currently doing the rounds, posing as a Kasikornbank app.

Anyone downloading the app risks allowing allow cyberthieves access to their bank accounts, an announcement by the bank said.

In a message to users of its online banking system, the bank warned, “The application programme can steal your OTP [one-time password] SMSs that are sent from the K-Cyber Banking System to your mobile phone, and make fraudulent transactions.

“KBank will never ask you to download any application program to your mobile phone for use with K-Cyber Banking Service. Please also beware of a fraudulent SMS message that provides a link (URL) for downloading such an application to your mobile phone.

“While using K-Cyber Banking System, if you [encounter] any irregularities such as a message saying that you need to download an application program to your mobile phone, it is possible that your computer may have been infected by a Trojan/spyware program.

“You must stop using the system and immediately call Kbank to ask our staff to suspend your K-Cyber Banking Account. You may resume using K-Cyber Banking only after you are certain that the Trojan/spyware program has been eliminated from your computer.”

Source: http://www.thephuketnews.com/phuket-trojan-bug-targets-kbank-accounts-37561.php

For further information call Kbank at 02888 8800 #3, or email [email protected]


-- Phuket News 2013-03-06

[laislica]

Ha Ha, that'll teach folks not to visit dodgy sites.

As a good friend of mine always says: "We all have to pay for our pleasures, some day!"

Want a good free internet security system for a Windows computer?

Look no further than Comodo

[billd766]

I have had that message every time I log onto their website for a few days now.

On the other hhhhhand I have a dumb phone so I don't worry so much.

[Gary A]

I really don't trust Internet banking in Thailand. It may be relatively safe but why take a chance when all my information is as close as the nearest ATM.

[billd766]

I really don't trust Internet banking in Thailand. It may be relatively safe but why take a chance when all my information is as close as the nearest ATM.

My internet banking is as close as the computer on my desk whereas the ATM is 7 km away. Also I don't get wet if it is raining.

I have been doing internet banking for a few years now with no problems.

[monty]

Had exactly the same warning from Bkk Bank today.

Looks like the scammers made lookalike apps for all the main Thai banks!

[monty]

I really don't trust Internet banking in Thailand. It may be relatively safe but why take a chance when all my information is as close as the nearest ATM.

Using it since Bkk bank started offering it.

Never a problem and they do send regular messages (in proper English) educating their customers on safe usage, along with free offers on anti spyware/antivirus and anti phishing software...

[nikster]

Had exactly the same warning from Bkk Bank today.

Looks like the scammers made lookalike apps for all the main Thai banks!

Same for SCB - SCB is actually sending email to all customers.

Makes sense if you have an app like that, why not make it work for all the banks.

Doesn't happen on iPhones, by the way. That "freedom from malware" quote from Steve Jobs comes to mind... maybe he was onto something after all, what do you think

As for "visiting dodgy sites" - If you get an SMS from your bank chances are you'll open it. Even tech savy people would open such an SMS, and I am sure a large percentage would then go and install the app.

Was only a matter of time until this happened. Banks will need to come up with something better than SMS based two-factor authentication.

BTW I never signed up for Bangkok Bank online banking as at the time it would only work with IE 6. Huge warning sign that they have no idea what they're doing, technology-wise.

[nikster]

I really don't trust Internet banking in Thailand. It may be relatively safe but why take a chance when all my information is as close as the nearest ATM.

My internet banking is as close as the computer on my desk whereas the ATM is 7 km away. Also I don't get wet if it is raining.

I have been doing internet banking for a few years now with no problems.

It's certainly convenient but from a security perspective it's weak. You won't have a problem, until you do.

[webfact]

Phuket: More bank accounts targeted by smartphone trojan
Alasdair Forbes

Phuket: -- Following the story posted by The Phuket News yesterday about a trojan/spyware virus targeted at online banking by Kasikornbank account holders, its seems that other Thai banks, too, are being targeted.

After the story was picked up by Thaivisa.com, members of that site reported having had similar warnings from Siam Commercial Bank and Bangkok Bank.

"Looks like the scammers made lookalike apps for all the main Thai banks," remarked one member.

The banks have warned that smart phone users put their accounts at risk if they download an apparently legitimate app.

Kasikorn warned, “The application programme can steal your OTP [one-time password] SMSs that are sent from the K-Cyber Banking System to your mobile phone, and make fraudulent transactions."

Source: http://www.thephuketnews.com/phuket-more-bank-accounts-targeted-by-smartphone-trojan-37579.php


-- Phuket News 2013-03-07

[lomatopo]

Do BBL even have Android app? I wasn't aware that they did, and can't find any in the Play Store.

SCB has an Android app. but I haven't downloaded nor installed it.

I did receive alerts from both BBL and SCB.

I think Kasikorn's K-Mobile Banking Android app. - K-Cyber is one of the mobile payment platforms here?

[monty]

Do BBL even have Android app? I wasn't aware that they did, and can't find any in the Play Store.SCB has an Android app. but I haven't downloaded nor installed it.I did receive alerts from both BBL and SCB.I think Kasikorn's K-Mobile Banking Android app. - K-Cyber is one of the mobile payment platforms here?

BBL indeed has no Android app. They do have a seperate mobile site though, but with limited functionality.

[Minnehaha]

I have often wondered ... what is the liability in Thailand if someone

a) steals your bank card and takes money out of your account by ATM

hacks your account by phone or computer banking and steals your cash

c) steals your credit card and uses it to buy things/advance cash

I am talking about Thai debit cards, Thai bank accounts, credit cards issued by Thai bank

[wealth]

they should/must make a two way verification. Like mobile pin for every time when login.

Spyware termination is weak in this country. Most even don't know what it is with all their copied software.

They think a antivirus program is sufficient. NO! It's not.

Recently they came in through Firefox browser, my spyware terminator killed it right away. Uninstalled and re-installed again.

BTW, Microsoft got another 570 million Euro fine from the EU, because of their IE tricks.

[AhFarangJa]

Last year my visa card was cloned at swampy, my bank stopped it but not before 3000 pounds was taken from my bank from an atm in the Philippines, which I am getting back thankfully. But, after this I went to my Kasikorn bank and obtained an atm card. I asked the lady in the bank if it was protected from fraud and theft and she said...No.... it is your responsibility.... Still trolling for info on that one, but the card does have a Visa sign, which I assume would cover fraudulent use?. The problem is, if it was cloned and someone took money...how...in Thailand.... do you prove it was not you?

[sandhurstmolonski]

I really don't trust Internet banking in Thailand. It may be relatively safe but why take a chance when all my information is as close as the nearest ATM.

Fair Enough , but you are assuming complete safetly with the ATM , which is not always the Case .

[AsiaCheese]

Had exactly the same warning from Bkk Bank today.

Looks like the scammers made lookalike apps for all the main Thai banks!

Same for SCB - SCB is actually sending email to all customers.

Makes sense if you have an app like that, why not make it work for all the banks.

Doesn't happen on iPhones, by the way. That "freedom from malware" quote from Steve Jobs comes to mind... maybe he was onto something after all, what do you think

As for "visiting dodgy sites" - If you get an SMS from your bank chances are you'll open it. Even tech savy people would open such an SMS, and I am sure a large percentage would then go and install the app.

Was only a matter of time until this happened. Banks will need to come up with something better than SMS based two-factor authentication.

BTW I never signed up for Bangkok Bank online banking as at the time it would only work with IE 6. Huge warning sign that they have no idea what they're doing, technology-wise.

The code authentication that KBank uses can be regarded as pretty safe, as it's happening on a device that (due to no legit KBank app) doesn't otherwise participate in transactions. Without any rogue apps on the mobile, of course...

It would be helpful to know if just deleting the fake KBank app gets rid of it 100%. Any background tasks it might have installed that cheerfully keep running even then? Hopefully not - would be a sign of a "well-written" trojan...

[Cuban]

Ha Ha, that'll teach folks not to visit dodgy sites.

It's not as simple as that.

The problem is no matter the AV/etc software installed if the idiot pressing the keys does not engage brain before installing or accepting what is offered then the best protection is the world cannot stop stupidity.

[Swiss1960]

Had exactly the same warning from Bkk Bank today.

Looks like the scammers made lookalike apps for all the main Thai banks!

Doesn't happen on iPhones, by the way. That "freedom from malware" quote from Steve Jobs comes to mind... maybe he was onto something after all, what do you think

Oh really????????? Where have you been for the last 2 years when all the malware stealing iPhone address books popped up, where have you been when all the iTunes store apps loaded with malware have been discovered which were there due to lack of security testing previous to release to the store?

Only reason we don't see too many malware targeting iPhones is that the iPhone community is still relatively small towares the Android community and thus, not a too interesting target for hackers...

[billd766]

I really don't trust Internet banking in Thailand. It may be relatively safe but why take a chance when all my information is as close as the nearest ATM.

My internet banking is as close as the computer on my desk whereas the ATM is 7 km away. Also I don't get wet if it is raining.

I have been doing internet banking for a few years now with no problems.

It's certainly convenient but from a security perspective it's weak. You won't have a problem, until you do.

AFAIK this is about a smartphone application and I just don't have a smartphone nor where I live in the countryside do we even have 3G.

It is the same as saying I won't have an accident until I do.

I don't intend to live my life worrying about every single thing that may or may not happen.

[laislica]

Ha Ha, that'll teach folks not to visit dodgy sites.

It's not as simple as that.

The problem is no matter the AV/etc software installed if the idiot pressing the keys does not engage brain before installing or accepting what is offered then the best protection is the world cannot stop stupidity.

How about this as a security method used by some Spanish banks:

For your online banking to function you are issued with a unique card that is tied to your account,

it has Lettered rows and numbered columns. At every intersection there is a 2 digit code.

Make a transaction and the OTS question is, enter the code at (say) C7

Then you also get a text message that says something like D5 and you enter the code shown on your card.

Your transaction is validated only if the codes all match.

[louse1953]

Last year my visa card was cloned at swampy, my bank stopped it but not before 3000 pounds was taken from my bank from an atm in the Philippines, which I am getting back thankfully. But, after this I went to my Kasikorn bank and obtained an atm card. I asked the lady in the bank if it was protected from fraud and theft and she said...No.... it is your responsibility.... Still trolling for info on that one, but the card does have a Visa sign, which I assume would cover fraudulent use?. The problem is, if it was cloned and someone took money...how...in Thailand.... do you prove it was not you?

I bet your getting your money back through a UK bank or travel insurance.I have been told the same about responsibility from vice president of Bangkok Bank,and assume nothing is the default action.You prove it by chasing up atm photo's in Thailand.P.I.harder ask,i'll admit.

[skipper]

Anyone know of bank name UPCA in Thailand ???

[AhFarangJa]

Last year my visa card was cloned at swampy, my bank stopped it but not before 3000 pounds was taken from my bank from an atm in the Philippines, which I am getting back thankfully. But, after this I went to my Kasikorn bank and obtained an atm card. I asked the lady in the bank if it was protected from fraud and theft and she said...No.... it is your responsibility.... Still trolling for info on that one, but the card does have a Visa sign, which I assume would cover fraudulent use?. The problem is, if it was cloned and someone took money...how...in Thailand.... do you prove it was not you?

I bet your getting your money back through a UK bank or travel insurance.I have been told the same about responsibility from vice president of Bangkok Bank,and assume nothing is the default action.You prove it by chasing up atm photo's in Thailand.P.I.harder ask,i'll admit.

Yes my bank is in Jersey ( for obvious reasons!), but still takes four months. Good answer ref tracking the camera, never thought of that. I told SCB bank which atm cloned my card at swampy, got a thank you reply and that was it, guess vigilance and unpredictability is the best way though. Or I could just give it all to my wife to take care of.....

[how241]

Had exactly the same warning from Bkk Bank today.

Looks like the scammers made lookalike apps for all the main Thai banks!

+1. Also received the same warning from SCB.

[topt]

Had exactly the same warning from Bkk Bank today.

Looks like the scammers made lookalike apps for all the main Thai banks!

+1. Also received the same warning from SCB.

A little concerning - I haven't?

[qdinthailand]

So how do they know who to target, with what banking app? They somehow have skimmed off information about who logs into what banks, along with their email addresses? or phone #'s? Has someone tapped into the electronic banking system?

How come this hasn't been reported.

[Sandman77]

If the bank want, it's technically possible to allow only one ip access , for one long in at same time !

If the hacker try's log in, the massage apears that 2. Logg in at same time not possible !

This works also on every download protocol only allow one download by same ip, this website administration utility is avalible since the Internet exists!

But the reason is simple why the bank not do!

If the failure is on the customers side, the bank not pay you!

But is the problem on the bank side acount hacked etc, then in the eu the insurance by the bank must refound the money!

In Thailand for sure no matter what happen , your money is gone in any case!

[tropo]

I have had that message every time I log onto their website for a few days now.

On the other hhhhhand I have a dumb phone so I don't worry so much.

I love my dumb phone.

[tropo]

I really don't trust Internet banking in Thailand. It may be relatively safe but why take a chance when all my information is as close as the nearest ATM.

My internet banking is as close as the computer on my desk whereas the ATM is 7 km away. Also I don't get wet if it is raining.

I have been doing internet banking for a few years now with no problems.

Yes, and K-Bank has great internet banking. I always load my phones with it too.