{"id":25712,"date":"2013-06-03T16:34:53","date_gmt":"2013-06-03T23:34:53","guid":{"rendered":"http:\/\/blogs.mcafee.com\/?p=25712"},"modified":"2025-06-03T21:36:07","modified_gmt":"2025-06-04T04:36:07","slug":"phishing-attack-replaces-android-banking-apps-with-malware","status":"publish","type":"post","link":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/phishing-attack-replaces-android-banking-apps-with-malware\/","title":{"rendered":"Phishing Attack Replaces Android Banking Apps With Malware"},"content":{"rendered":"<p>Mobile devices are also increasingly being used to manage a critical and important asset for all of us: our money. According to the Federal Reserve Board <a href=\"http:\/\/www.federalreserve.gov\/econresdata\/consumers-and-mobile-financial-services-report-201303.pdf\">report \u201cConsumers and Mobile Financial Services 2013,\u201d<\/a> in the United States \u201c48 percent of smartphone owners have used mobile banking in the past 12 months, up from 42 percent in December 2011.\u201d Of that 48 percent, \u201cNearly half of mobile banking users appear to be using mobile apps to conduct their banking transactions, as 49 percent have installed such applications on their phones.\u201d<\/p>\n<p>Recently a new Android banking Trojan that replaces popular South Korean banking apps with malware was <a href=\"http:\/\/erteam.nprotect.com\/418\">found<\/a> in the wild. This threat steals sensitive information and banking credentials to perform financial fraud. Like other mobile threats in South Korea (like Smsilence), this one uses &#8220;smishing&#8221; (SMS phishing) attacks that employ fake messages from the <a href=\"http:\/\/www.fsc.go.kr\/\">Financial Services Commission<\/a>\u00a0asking users to install new antimalware protection. 
However, when the user clicks on the shortened URL, what is being downloaded is in fact malware, which masquerades as the Google Play app, using the same icon (but without a label):<\/p>\n<p>If the victim executes the malware, it checks whether any of the following South Korean banking apps are installed: KB Kookmin Card (from the biggest credit card company in the country), IBK (Industrial Bank of Korea), <a href=\"https:\/\/play.google.com\/store\/apps\/details?id=com.shinhan.sbanking\">Shinhan Bank<\/a>, Nonghyup Bank, Woori Bank, SC First Bank (currently not available in Google Play), Hana Bank and <a href=\"https:\/\/play.google.com\/store\/apps\/details?id=com.smg.spbs\">KFCC <\/a>(Korean Federation of Community Credit Cooperatives). If the malware finds one or more of them, it checks whether the device is rooted so that it can perform a silent uninstall of the banking application by executing the following commands with root (superuser) privileges:<\/p>\n<ul>\n<li>mount -o remount rw \/data (remounts the data partition as read\/write)<\/li>\n<li>chmod 777 \/data\/app\/&lt;package_name_banking_app&gt;.apk (changes permissions of the APK file)<\/li>\n<li>pm uninstall &lt;package_name_banking_app&gt; (silently removes the application)<\/li>\n<\/ul>\n<p>If the user does not have the device rooted (the su binary is not present), the fake Google Play app asks the user to uninstall the legitimate banking app and, in exchange, offers the installation of another app (even if the user already granted root privileges) with the same icon but requesting very suspicious permissions:<\/p>\n<p>The newly installed app comes inside the assets folder of the original, fake Google Play app, which was distributed via SMS to the victim. The new app is basically the same malware but customized (with icons and menus) for each of the banks previously mentioned to perform more successful phishing attacks and steal financial information from the victim. 
For some banks, the phishing attack includes text reporting that the application is certified by Yessign (a certification authority in South Korea) showing and asking to accept the terms and conditions of the certificate (the collection and use of personal information) to &#8220;ensure&#8221; the victim that the recently installed app belongs to the bank:<\/p>\n<p style=\"text-align: left;\">Sometimes the malware directly asks the victim to enter banking credentials such as Social Security Number (\uc8fc\ubbfc\ub4f1\ub85d\ubc88\ud638), account number (\uacc4\uc88c\ubc88\ud638), account password (\uacc4\uc88c\ube44\ubc00\ubc88\ud638), withdrawal account number (\ucd9c\uae08\uacc4\uc88c), user ID (\uc0ac\uc6a9\uc790 ID), Internet banking ID (\uc778\ud130\ub137\ubc45\ud0b9), Resident Registration Number (\uc8fc\ubbfc\ub4f1\ub85d\ubc88\ud638), and password (\ube44\ubc00\ubc88\ud638\u00a0):<\/p>\n<p style=\"text-align: left;\">Next we see the malware attempt to get the grid card serial number\u00a0and values:<\/p>\n<p style=\"text-align: left;\">After that it also asks for the certificate password (\uc778\uc99d\uc11c\uc554\ud638),\u00a0another authentication factor:<\/p>\n<p style=\"text-align: left;\">In the case of the Nonghyup and KFCC banks, the malware asks for the information in only one interface: name (\uc774\ub984), Social Security Number (\uc8fc\ubbfc\ub4f1\ub85d\ubc88\ud638), cell phone number (\ud578\ub4dc\ud3f0 \ubc88\ud638), user ID (\uc774\uc6a9\uc790 ID), user password (\uc774\uc6a9\uc790 PW), account number (\uacc4\uc88c\ubc88\ud638), and password (\uacc4\uc88c\ube44\ubc00\ubc88\ud638)\u00a0and security card serial number (\ubcf4\uc548\uce74\ub4dc \uc77c\ub828\ubc88\ud638):<\/p>\n<h2>Malicious Actions Done by Malware<\/h2>\n<p style=\"text-align: left;\">All the captured information is later sent to a remote server via HTTP along with the phone number of the infected device. 
In addition to the phishing attack, the malware can also perform the following actions in the background and without the user\u2019s consent:<\/p>\n<ul>\n<li>Detects when a new outgoing\/incoming call is made\/received, obtains the incoming number, changes the ringer mode to silent, and ends the call<\/li>\n<li>Intercepts incoming SMS messages and sends the data (origin and message body) to a remote server<\/li>\n<li>Starts a service in the background that tries to uninstall the targeted banking app (in case it is still present) and sends SMS messages to premium-rate numbers using the data (number and keyword) sent by the control server via HTTP<\/li>\n<\/ul>\n<p>Taking into account the increasing use of mobile banking apps worldwide, there is a huge potential in targeting them just as we&#8217;ve seen in South Korea, and of course there is a strong chance of seeing this type of malware emerge in other regions like Europe and America. On the other hand, this new threat shows that Android malware targeting financial transactions has evolved from a joint PC-mobile attack (like <a href=\"https:\/\/securingtomorrow.mcafee.com\/mcafee-labs\/dissecting-zeus-for-android-or-is-it-just-an-sms-spyware\">Zitmo<\/a> and <a href=\"https:\/\/securingtomorrow.mcafee.com\/mcafee-labs\/spitmo-vs-zitmo-banking-trojans-target-android\">Spitmo<\/a>), phishing attacks via apps (like <a href=\"https:\/\/securingtomorrow.mcafee.com\/mcafee-labs\/android-malware-pairs-man-in-the-middle-with-remote-controlled-banking-trojan\">FakeToken<\/a>), and SMS messages using only a URL to a unified threat that replaces legitimate banking apps with a malicious application to obtain several authentication factors. These include account password, grid card, certificate password, and mTANs sent via SMS. 
The threat also behaves like traditional Android malware by sending SMS messages without the users&#8217; consent.<\/p>\n<p>McAfee Mobile Security detects this threat as Android\/FakeBankDropper.A and Android\/FakeBank.A and alerts mobile users if it is present, while protecting them from any data loss. For more information about McAfee Mobile Security, visit <a href=\"https:\/\/www.mcafeemobilesecurity.com\">https:\/\/www.mcafeemobilesecurity.com<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Mobile devices are also increasingly being used to manage a critical and important asset for all of us: our money&#8230;.<\/p>\n","protected":false},"author":462,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[442],"tags":[37,1814,180],"coauthors":[1104],"class_list":["post-25712","post","type-post","status-publish","format-standard","hentry","category-mcafee-labs","tag-android","tag-computer-security","tag-malware"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v25.4 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Phishing Attack Replaces Android Banking Apps With Malware | McAfee Blog<\/title>\n<meta name=\"description\" content=\"Mobile devices are also increasingly being used to manage a critical and important asset for all of us: our money. According to the Federal Reserve Board\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Phishing Attack Replaces Android Banking Apps With Malware | McAfee Blog\" \/>\n<meta property=\"og:description\" content=\"Mobile devices are also increasingly being used to manage a critical and important asset for all of us: our money. 
According to the Federal Reserve Board\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/phishing-attack-replaces-android-banking-apps-with-malware\/\" \/>\n<meta property=\"og:site_name\" content=\"McAfee Blog\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/McAfee\/\" \/>\n<meta property=\"article:published_time\" content=\"2013-06-03T23:34:53+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2025-06-04T04:36:07+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/2013\/05\/CASTILLO_FakeBankDropperIcon.png\" \/>\n<meta name=\"author\" content=\"Carlos Castillo\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@carlosacastillo\" \/>\n<meta name=\"twitter:site\" content=\"@McAfee\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Carlos Castillo\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. 
reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/phishing-attack-replaces-android-banking-apps-with-malware\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/phishing-attack-replaces-android-banking-apps-with-malware\/\"},\"author\":{\"name\":\"Carlos Castillo\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#\/schema\/person\/894ee4a790607d505a13c24955d2edbe\"},\"headline\":\"Phishing Attack Replaces Android Banking Apps With Malware\",\"datePublished\":\"2013-06-03T23:34:53+00:00\",\"dateModified\":\"2025-06-04T04:36:07+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/phishing-attack-replaces-android-banking-apps-with-malware\/\"},\"wordCount\":891,\"publisher\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#organization\"},\"keywords\":[\"android\",\"computer security\",\"malware\"],\"articleSection\":[\"McAfee Labs\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/phishing-attack-replaces-android-banking-apps-with-malware\/\",\"url\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/phishing-attack-replaces-android-banking-apps-with-malware\/\",\"name\":\"Phishing Attack Replaces Android Banking Apps With Malware | McAfee Blog\",\"isPartOf\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#website\"},\"datePublished\":\"2013-06-03T23:34:53+00:00\",\"dateModified\":\"2025-06-04T04:36:07+00:00\",\"description\":\"Mobile devices are also increasingly being used to manage a critical and important asset for all of us: our money. 
According to the Federal Reserve Board\",\"breadcrumb\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/phishing-attack-replaces-android-banking-apps-with-malware\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/phishing-attack-replaces-android-banking-apps-with-malware\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/phishing-attack-replaces-android-banking-apps-with-malware\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Blog\",\"item\":\"https:\/\/www.mcafee.com\/blogs\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Other Blogs\",\"item\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"McAfee Labs\",\"item\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/\"},{\"@type\":\"ListItem\",\"position\":4,\"name\":\"Phishing Attack Replaces Android Banking Apps With Malware\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#website\",\"url\":\"https:\/\/www.mcafee.com\/blogs\/\",\"name\":\"McAfee Blog\",\"description\":\"Internet Security 
News\",\"publisher\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.mcafee.com\/blogs\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#organization\",\"name\":\"McAfee\",\"url\":\"https:\/\/www.mcafee.com\/blogs\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2023\/02\/mcafee-logo.png\",\"contentUrl\":\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2023\/02\/mcafee-logo.png\",\"width\":1286,\"height\":336,\"caption\":\"McAfee\"},\"image\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/McAfee\/\",\"https:\/\/x.com\/McAfee\",\"https:\/\/www.linkedin.com\/company\/mcafee\/\",\"https:\/\/www.youtube.com\/McAfee\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#\/schema\/person\/894ee4a790607d505a13c24955d2edbe\",\"name\":\"Carlos Castillo\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#\/schema\/person\/image\/729f5b9d2761341175762c5f10652607\",\"url\":\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/Carlos-Castillo-96x96.jpg\",\"contentUrl\":\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/Carlos-Castillo-96x96.jpg\",\"caption\":\"Carlos Castillo\"},\"description\":\"Carlos Castillo specializes in the analysis of mobile threats and Android malware. Castillo performs static and dynamic analysis of suspicious applications to support McAfee\u2019s Mobile Security for Android product. 
He is the author of the McAfee-published white paper, \\\"Android Malware Past, Present, and Future,\u201d and wrote the \u201cHacking Android\\\" section of the book, \\\"Hacking Exposed 7: Network Security Secrets &amp; Solutions.\u201d As a recognized mobile malware researcher, Castillo has presented at several security industry events, including 8.8 Computer Security Conference and Segurinfo, a leading information security conference in South America. Prior to his position at McAfee, Castillo performed security compliance audits for the Superintendencia Financiera of Colombia, and worked at security startup Easy Solutions Inc., where he conducted penetration tests on web applications, helped shut down phishing and malicious websites, supported security and network appliances, performed functional software testing, and assisted in research and development related to anti-electronic fraud. Castillo joined the world of malware research when he won ESET Latin America\u2019s Best Antivirus Research contest with a paper titled, \u201cSexy View: The Beginning of Mobile Botnets.\u201d Castillo holds a degree in systems engineering from the Universidad Javeriana in Bogot\u00e1, Colombia.\",\"sameAs\":[\"https:\/\/www.linkedin.com\/in\/carlosacastillo\/\",\"https:\/\/x.com\/carlosacastillo\"],\"url\":\"https:\/\/www.mcafee.com\/blogs\/author\/carlos-castillo\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","_links":{"self":[{"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/posts\/25712","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/users\/462"}],"replies":[{"embeddable":true,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/comments?post=25712"}],"version-history":[{"count":4,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/posts\/25712\/revisions"}],"predecessor-version":[{"id":215043,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/posts\/25712\/revisions\/215043"}],"wp:attachment":[{"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/media?parent=25712"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/categories?post=25712"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/tags?post=25712"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/coauthors?post=25712"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}