Home / Advisory / Hackers are using remote-access software to carry out the “Live Clonejack Attack”: You will find your e-wallets and net-banking accounts being drained out

Hackers are using remote-access software to carry out the “Live Clonejack Attack”: You will find your e-wallets and net-banking accounts being drained out

Posted on
Attackers install Remote Access software for “Live Clonejack Attack” on Smartphone/Devices to take control of e-wallets and net-banking accounts of victims

We at “CYBER SECURE INDIA” have identified and coined a new Cyber Attack, to which many have fallen victims in the recent past. The “Live Clonejack Attack”, has now become the talk among large number of Indians. The precaution that should be taken to guard against such attacks is also enumerated in this article. Recently, an audio clip had gone viral; of a lady probably in Bangalore/Pune, in which she narrates of the cyber crime incident and also the modus-operandi of the hacker, where she lost to the tune of a Lakh, when she performed a search on Google for a Gurudwara Booking and clicked on a link provided by the hacker.

In the particular case, the culprit may have manipulated the Google Search Engine Optimisation (SEO), wherein by typing “Gurudwara Near Me” on “Google”, the link that populates first on the browser is a “non-genuine” entity. This is possible by means of “SEO Manipulation”. Subsequently, the victim had made a call for enquiry. The culprit then had sent a link “To be an online form”. This form may look legitimate prima-facie, but the link along with a legitimate looking ‘form’ or a ‘website’, which is surreptitiously coded is also sent for execution to the victims Smartphone/Device; further, the culprit can also on your clicking of the link, install on your phone/device a “Remote-Access Software”. This then creates a “live clone” on the culprits PC or Smartphone. There are many such softwares that provide Remote-Access to the hacker (some of them that can be installed on Android/iOS/Windows/Linux are given below):

-Teamviewer

-Ammyy Admin

-Mikogo

-ThinVNC

-AnyDesk

-UltraVNC

-Chrome Remote Desktop

-WebEx Meetings

-LogMeIn Pro

-Join.me

-Splashtop

-VNC Connect

-pcAnywhere

-Android-VNC-Viewer

-GPP Remote Control

-PocketCloud Remote RDP / VNC

-PhoneMyPC

-Etc… (and many more…)

These softwares, directly or indirectly pass the control of the victims/clients device to another device/smartphone/pc, with full or partial control, as-if one was operating from the victims device or view activates on the clients screen. This is only possible if the paired software is installed on both the victim’s device and the attacker/hacker’s device.

Definition: Live Clonejack Attack is a malicious technique of tricking a user to click on a link provided by the attacker either on a Search Browser or to the Smartphone via SMS or WhatsApp or to an email ID, which the victim perceives as genuine and through the link the Smartphone/Device of the victim is provided the Remote Access Control to the attackers Smartphone/Device, who further executes the attack.

The “Live Clonejack Attack” is all about enticing you to click on the provided link, in which the attacker has made you install the paired software. Further, the culprit will obscure your vision, by either forcing you to keep your phone on ‘listening’ (on a conversation), or make keep your screen on ‘screen saver mode’ or will make the software run on the ‘background’. This then facilitates the attacker to make his move to either open the e-wallet app and do the necessary ‘draining out’ or even to get access to such apps that can then provide access to the online fiscal transaction or even hack the app to gain full control. Use of installed apps on the phone, is also done to get control of e-wallet accounts and also carry out net-banking ‘settings’ manipulations or even changing the profile settings and linked mobile numbers. In some case the feature of ‘collect request’ in the e-wallet app is used to withdraw money in the garb of depositing money.

“Remote Access” Software’s are not actually meant for any criminal activity; however, the source of the problem, according to our analysis, is careless use, and not a vulnerability of these softwares.

More about “Remote-Access” Softwares

Many of the available “Remote-Access” Softwares have three built-in functionalities to let user access to remote Smartphones/Computer. They are Remote Control, File Transfer and VPN (if driver is available). Majority of these functions do not have hidden mode and again most of them do not lets remote users to view or manage your Smartphone/devices without you noticing it. Though the customised “Remote-Access” software can go un-noticed or non-prompting, yet there are some problems with these softwares:

    • If required drivers are all installed (remote user can install that too) the culprit can disable your screen and lock your keyboard to carry out the hack without you noticing. In this case all one has to do is to disconnect the internet or just power-off the device.
    • The culprit can connect your smartphone/device with File Transfer function. However when the connection is established, a pop-up window with the actions at hand will populated. One can also see that the culprit can install malware or alternatively install a malicious code on the victims device.
    • If Remote-Access VPN driver is installed and active, the culprit can get into the WiFi network for an extended attack over a wider spectrum. If your network devices have default or weak passwords, the attacker can change WiFi access profile settings and get access to other devices on the Network.

What Precaution can one take against “Live Clonejack Attack

The rising popularity of Smartphones and also the ease of carrying out financial transactions through online-banking and e-wallets has made the avenues for fraud and hacks even more than the erstwhile eras. The improved qualifications of the hackers, coupled with users’ unfamiliarity with a certain feature in the smartphone which they carry, could be responsible for many falling victim to these types of Cyber Crimes. We at “CYBER SECURE INDIA” recommend the following so as to keep you secure and safe from such Financial Cyber Crimes:

    • It is not advisable to use the Google Search engine and then click on the first or most appealing link for its expansion. Remember, it is possible to manipulate the search and get the surreptitious link hosted by the hacker on the first page of a Google Search.
    • It is always better to verify and then call the legal and official numbers of call centers.
    • It is recommended that users should carefully analyse the link and look for the original link.
    • It is recommended that all notifications and links sent by anyone be verified before a monitory transaction is initiated.
    • Please read the notifications or pop-ups before going ahead while installing a software or navigating through a transaction.
    • If a suspicion is felt, do disconnect the internet, or even resort to switching off the Smartphone/Device.
    • In case of a suspected caller or a Tele-guide, cut the incoming/outgoing call to call back again after verification.
    • It is always better to receive the OTP on a different phone that does not have internet access.
    • At any point of time, do not share the screen, or take a screenshot and share it to any one, while on a tele-transaction or otherwise.
    • In case of suspicion, or if one has fallen victim; it is advised to call the Bank or block the account through appropriate means.
    • Follow correct cybersecurity practices, like not storing username/password on browsers, and use of strong password, etc.
    • Never store passwords as screen-shots and in word/notepad files on internet devices.

Precaution is Better than Remedies

India, due to its large population and also due to the rapid ITisation, has also been prey to a large number of Cyber Crime today. Between the year 2002 to 2010, India was extensively hit by the famous Nigerian Fraud 419 crime, in which huge amount of money was lost by Indians. (The number 419 refers to the article of the Nigerian Criminal Code (part of Chapter 38: “Obtaining property by false pretenses; Cheating”) dealing with fraud). Many of the Nigerian Fraud 419, cases was not traceable and the investigators had quickly given-up on them. The new “Live Clonejack Attack” has also targeted many victims and there are approximately 5 to 10 cases reported every day in India. The money lost in the “Live Clonejack Attack”, is difficult to be traced and there are legal formalities that is time consuming. The guarantee of the money being recovered or the suspect being booked, is quite bleak due to the clandestine nature of crime. It is better to be aware of the present day pattern of crimes and also be cautious of such suspicious tele-callers and internet-link based crime that is becoming a source of fast and easy money for criminals in India.

Top
%d bloggers like this: