Understand how the ghost hand scam works and learn how to protect yourself

By Otávio Queiroz
Scam that seeks fraudulent access to victims' bank accounts has already claimed more than 40 victims in Brazil

With the population increasingly adopting a digital life, scams involving smartphones and bank accounts have become more frequent, and more sophisticated too. Now it is the turn of the so-called “Ghost Hand Scam”, which, like dozens of other scams, exploits the victim's lack of knowledge and attention and uses malware to fraudulently gain access to a third party's account.

The alert was recently issued by the Federal Police and the Brazilian Federation of Banks (Febraban). According to security agencies, at least 40 Brazilians have already become victims of the ghost hand scam. So that you do not become another number in this sad statistic, Showmetech helps you understand how it works and shows you ways to protect yourself.

What is the ghost hand scam and how does it work

Also called the Ghost Hand Attack, the ghost hand scam seeks to gain access to sensitive information through malware infection on the user's device (Reproduction/Internet)

Officially named the Ghost Hand Attack, the technique was presented at Kaspersky's Konferencia@Casa Forum 2021. The scammers' main objective, unsurprisingly, is to gain access to the victims' bank accounts in order to clean out the available balance in a few minutes. According to the police, criminals usually withdraw money from the account by transfer, and they do all of this remotely, without ever being near the affected customer.

The scam begins with the victim receiving a call in which a recording imitates those used by the call centers of banks and financial institutions. When transferred to an attendant, who in this case is the criminal himself, the consumer is told that there is unusual activity, such as a suspicious purchase or even a possible account intrusion. The intention is to make the person worried and insecure, which makes the scam easier to carry out.

Then the criminals, posing as bank employees, trick the victim into opening a link to install an application that will supposedly solve the problem. Once it is installed, however, the criminal gains access to all the data on the smartphone, including bank data. With access to the device, fraudsters search it thoroughly, looking for passwords stored by users in applications and websites, and in this way carry out fraudulent transactions such as transfers, payment of bills and payment slips, and loan requests.

In the ghost hand scam, criminals pose as employees of banks and financial institutions and get consumers to download and install fraudulent software on their own devices (Reproduction/Internet)

According to the head of communication for the Federal Police in Pernambuco, Giovani Santoro, the estimate is that the scam has already claimed more than 40 victims in Brazil. Santoro also states that, in addition to phone calls, criminals use phishing: fake emails or text messages posing as security updates for the bank's application or the cell phone, with links that induce the person to click and download the malicious programs.

"The program gives the criminal access to use the victim's device in real time, and the owner begins to realize that the cell phone no longer follows his commands - and criminals are able to pay bills and payment slips, transfer funds, request loans and make other transactions."

Giovani Santoro – head of communications at the Federal Police in Pernambuco

Although the scam focuses on smaller portable devices, such as smartphones and tablets, similar situations can happen to users of computers and notebooks, for example. Security experts even say that some cases involving TeamViewer, a legitimate program that allows remote access to other devices, have already been recorded.

I fell for the scam; is there a way to stop it in time?

According to the Federal Police, around 40 people have already fallen for the ghost hand scam across the country (Reproduction/Internet)

According to security experts, turning off the device or keeping it disconnected from the internet can prevent scammers from continuing to look for passwords or perform new transactions. However, because all of this happens in the background, it is harder for the victim to notice right away what is happening. The scammer may also reduce the brightness of the screen so that he can operate the smartphone without the user noticing; when the owner then uses biometric authentication to unlock the device, he ends up authorizing a fraudulent transaction.

“The person does not realize that the cell phone is on low brightness and thinks that it is locked because of the darkened screen. When trying to unlock the cell phone with biometrics, the person ends up allowing the scam to take place.”

To date, institutions have detected three families of RATs (short for Remote Access Trojan, that is, a malicious program that remotely accesses devices such as cell phones, computers and systems) used in Ghost Hand Attacks: the banking trojans Ghimob, BRata and TwMobo. Initially active only in Brazil, the three malicious programs have now victimized people and institutions in Latin America, Europe and the United States.

Such programs do not bypass security or personal access locks directly from the infected device. In addition, they have direct access to authentication factors, such as SMS codes and email, and are able to change passwords to whatever they want. In other words, they are malware that relies on users' involuntary “help” to act on the device and system.

To eliminate unwanted programs, it is necessary to scan with an antivirus or reset the device to factory settings (Reproduction/Internet)

In the case of BRata, the trojan appears as a fake app on the Google Play Store itself and, when it infects a device, it allows full control of the device, redirecting it to phishing pages. First seen in 2019, BRata has now reappeared with changes to its “structure”, making it more difficult for security apps such as antiviruses to detect.

Ghimob is another remote access trojan that acts in a similar way. By abusing the smartphone's motion detection feature, used to guide people with low vision, the trojan tracks everything the victim sees and does. In this way, it captures passwords and unlock patterns.

Most worrisome of all, however, is the trojan family known as TwMobo. It not only takes full control of the smartphone, it also locks the device in Protect Mode. The danger of this latest malware lies in the fact that it doesn't just target banking data and social networks, but the victim's entire behavior. This malware family can only be removed after a factory reset or a full scan with a good antivirus.

So, in short, after noticing that your device has been hijacked by one of these malicious programs, immediately disconnect your cell phone from the internet and try to scan it with your antivirus. If you still don't feel safe, reset the device to factory settings, removing all files and programs present on the device.

And how to protect yourself from the scam before it happens?

Some care is necessary to avoid falling for the scam, such as not accessing suspicious links and not downloading unknown programs (Reproduction/Internet)

The Federal Police released a series of tips to prevent more people from becoming victims of cyber criminals. They are:

  • Banks never get in touch asking to install apps or send links to their customers without their having asked. If in doubt, contact your bank yourself using the phone number on the back of your card or go to your branch for clarification.
  • Never install unknown apps or apps received via instant messages, SMS, WhatsApp or email.
  • Avoid downloading banking apps outside the official store of your mobile operating system.
  • Official bank apps are already safe. There is no record of security breaches, and no additional applications need to be installed to increase security.
  • The customer can see in the app itself whether a transaction has not been approved. If nothing appears, it is a sign that this could be a scam.
  • Always use two-factor authentication for transaction authorization.
  • Develop the habit of changing your passwords regularly, creating strong passwords and storing them securely in a trusted manager.
  • If you have already been a victim of the “ghost hand” scam or any other financial fraud, look for a police station specializing in digital crimes and file a report.

These guidelines follow the same advice that is often heard and seen in headlines on websites, radio and TV: do not download programs or click on links sent by strangers; if you receive a call with information that may make you vulnerable, hang up immediately and call the bank contact number printed on your credit card; and finally, always use two-factor authentication for transaction authorization.

It should be noted that Showmetech frequently publishes posts that focus on digital security, with tips and apps that users can use to stay even more secure. As examples, we have an article that teaches how to hide banking apps and offers other tips to avoid falling for scams, and we also explain how Microsoft Authenticator works and how to use it, which can be very useful in the fight against the breach of important personal data. You can also search our homepage for “security” to find the main content on the topic.

Sources: Folha de S.Paulo, Estadão.
