1.0 What is Malware?
Malware is short for Malicious Software.
The commonly known malwares are like viruses, worms and trojan horses. Malware is any kind of hazardous software that is installed in your electronic device without your knowledge or consent.
2.0 How does the "Zeus" malware work on infected computers or mobile/tablets?
Once the device is infected with malware, the fraudster is able to inject modified fake contents or pages while you are accessing a legitimate online banking website via your Internet browser.
The bank will never communicate to you with urgent appeals that your account may be suspended or closed if you fail to confirm, verify or authenticate your company's banking information on the website.
3.0 Does the "Zeus" malware affect all smartphone operating systems?
Based on an initial analysis by Malaysia Computer Emergency Response Team (MyCERT), the affected systems are:
- Smartphones running on Android platform
- Vulnerable and unlatched Windows Operating System
4.0 How does malware infect your computers, smartphones or tablet?
4.1 From email with Website URL hyperlinks or attachments: Opening an email attachment or clicking on a hyperlink may contain and allow the malware to be installed into your PC, smartphone or table devices. When receiving an email with a hyperlink or an attachment, if the email was not expected or from someone you don't know, delete it. If the email is from an organisation or someone you know and you're not expecting it or requested for it, be cautious too; do not click on the given hyperlink or open the attachment as instructed, contact the sender to verify beforehand
4.2 From mobile SMS or MMS with website URL or attachments: Same as above emails with hyperlinks or attachments
4.3 From instant mobile or web messaging with website URL or attachments: Same as above emails with hyperlinks or attachments. Examples of instant messaging are WhatsApp, Twitter and Line.
4.4 Accepting without reading: A user accepts what is prompted on the screen without reading the prompt or understand what it's asking. For example: while browsing a webpage, an Internet advertisement or window appears that says your computer is infected with a virus or malware; you have won a prize; asking to complete a survey or that a unique plug-in is required. Without fully understanding what is it you're getting, you accept the prompt that will install a malware.
4.5 Downloading applications (apps) from a website: Download programs only from the reputable websites and with a valid digital signature. If you are unsure, leave the site and research the website and the software you are being asked to install. If it is OK, you can always come back to site and install it. Files that don't have a digital signature or were downloaded from an unknown source should always be treated as dangerous.
4.6 Not running the latest operating system, web browser or application updates: Running a web browser, applications or operating system that is not up-to-date with the latest updates can be a big security risk and can be a way your computer becomes infected. Some of the updates from your computer, smartphone,mobile, tablet manufacturers, web-browser or application providers (e.g. Microsoft, Apple, Blackberry, Samsung, LG, Adobe, Google, Mozilla etc), are security updates. Make sure you perform and have the latest updates to minimise the risk of malware infections.
4.7 No antivirus scanner: It's highly recommended that you have some form of antivirus on your computer, mobile or tablet to help clean it from any infections and to help prevent any future infections.
5.0 How to protect yourself from malware?
5.1 Never click on unknown website links or open an attachment sent via email, SMS, Twitter, WhatsApp or other popular text/instant communication applications, especially when the content is related to financial matters.
5.2 Be a smart surfer when browsing websites that are new to you, be careful of any pop-up windows that request for your personal information or prompts you to use certain program.
5.3 Be very selective of the files or programs that you would like to download, always double-check the genuineness of the website and the source, even if it comes from your friends.
5.4 Keep your operating system, Internet browser, applications and firewall up to date.
5.5 Install robust anti-virus, anti-spyware and firewall software on your computer and other devices and configure it to update automatically in a regular internals.
5.6 Run full system scan periodically to remove any new found virus or malware, and you must reset your password and clear all browser caches, history, cookies, before you log in to your online banking again.
5.7 Beware of messages that require you to click on links to download and install a mobile app on your phone. This could be a malicious app.
5.8 𝐃𝐄𝐋𝐄𝐓𝐄 the app immediately if it asks you for permission to access your SMS function or to enter your online banking username and password without showing your security picture.
6.0 Take note of any unusual signs on the daily handling of your mobile devices:
6.1 High frequency of apps crashing unexpectedly
6.2 Device battery drains out quickly
6.3 Pop-up notifications or advertisements to install other apps
6.4 Overall device performance becomes sluggish without apparent reasons
6.5 Outgoing and incoming SMS/calls being disrupted
7.0 IMPORTANT REMINDER when you're assessing Hong Leong Connect:
7.1 Do not respond to any form of pop-up screen or window or additional web pages asking for your personal info and smartphone platform (Android, Windows, etc)
7.2 Do not simply download and install/update any app on your computer or mobile/tablet without verification
7.3 Do not root or otherwise 'Jailbreak' your computer or mobile/tablet devices and avoid side loading (installing from non-official sources)
7.4 Notify the Bank immediately when you came across anything suspicious or unusual web pages asking for personal information when you are about to login to your Hong Leong Connect BIZ.
7.5 You are advised not to proceed with your online banking transactions until your computer or device has been checked and disinfected
8.1 Media Release dated 25 September 2014 by CyberSecurity Malaysia
8.2 Detailed information about malware and protection tips on MyCert Alert