A two-year old banking app scam has been updated by cyber-criminals that allows the hacker to lock a victims phone.
Once locked, the malware drains the victimâ€™s bank account while the victim is trying to regain control of his phone.
Trend Micro has dubbed the malware Operation Emmental and reports that the scam can now issue SMS codes to hack the phone in real time. It also resets the passwords and intercepts an SMS between the phone and the victim's bank. It then creates a fake bank site and steals the users login credentials.
Richard Tai, a mobile threat analyst with Trend Micro, said: â€œThe malware communicates to specific URLs or phone numbers without the user's awareness or consent. Depending on the attacker's preference, the malicious app can send messages to these destinations in real-time via SMS, or at a later time via an internet connection.â€