{"id":76583,"date":"2017-08-14T16:28:18","date_gmt":"2017-08-14T23:28:18","guid":{"rendered":"https:\/\/securingtomorrow.mcafee.com\/?p=76583"},"modified":"2025-06-05T07:45:01","modified_gmt":"2025-06-05T14:45:01","slug":"smishing-campaign-steals-banking-credentials-u-s","status":"publish","type":"post","link":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/smishing-campaign-steals-banking-credentials-u-s\/","title":{"rendered":"Smishing Campaign Steals Banking Credentials in U.S."},"content":{"rendered":"

The McAfee Mobile Research team recently found an active smishing campaign, using SMS messages, that targets online banking users in the United States. The messages attempt to scare victims with a notice that the bank account will be soon closed and that the user must immediately click a malicious URL:<\/p>\n

\"\"<\/a><\/p>\n

Figure 1: Phishing SMS message.<\/em><\/p>\n

The structure of the message\u2014with the fields \u201cFRM\u201d and \u201cMSG\u201d\u2014is very similar to the smishing campaign<\/a> that we saw at the end of July 2016 that targeted iOS users. That campaign attempted to steal Apple account credentials. Instead of using shortened URLs that allow us to track the number of clicks and the creation date of the URL, however, this campaign uses a nonfunctional URL that contains the name of the financial institution to appear less suspicious.<\/p>\n

Fake customer identification program<\/h2>\n

Once the user clicks on that URL, it is redirected to a hacked site that appears to be the real bank’s. The page asks the user to verify identity via its fake customer identification program (CIP) and threatens to inactivate the account and refuse transactions until the identity is confirmed:<\/p>\n

\"\"<\/a>Figure 2:\u00a0Fake customer identification program.<\/em><\/p>\n

Once the user clicks \u201cMessage Received,\u201d the next step is to enter username and password:<\/p>\n

\"\"<\/a><\/p>\n

Figure 3:\u00a0Phishing website asking for mobile banking credentials.<\/em><\/p>\n

Cybercriminals know that a username and password are not enough to get complete access to a victim\u2019s bank account, so they ask for additional sensitive information such as social security number, card number, and even ATM PIN. The site promises that the card will be unlocked once the information is provided:<\/p>\n

\"\"<\/a>Figure 4:\u00a0Phishing web page asking additional banking and sensitive information.<\/em><\/p>\n

Stealing the second factor of authentication<\/h2>\n

The final step in this phishing scheme is to pass through a second layer of security by asking the victim to provide a unique access code that the financial institution sends to the user via SMS when accessing certain banking services:<\/p>\n

\"\"<\/a>Figure 5:\u00a0Phishing web page asking for the key to second-factor authentication.<\/em><\/p>\n

The request for the second factor of authentication allows the cybercriminals to access the victim\u2019s bank account. When the victim clicks on \u201cConfirm my identity,\u201d the access code is captured and the browser is redirected to the legitimate website of the financial institution, making the user believe that the fake CIP was completed successfully, when in fact this sensitive and banking information was only successfully stolen from the victim.<\/p>\n

Cybercriminals know that the weakest link in the security chain is always the user, so they constantly attempt to take advantage by running smishing and other campaigns to steal as much sensitive information as possible and fraudulently access victims’ accounts. Looking at the effects of previous smishing campaigns, we see that attackers can target any type of user account as long as they can gain unauthorized access. To protect yourselves from this and similar threats, always suspect unwanted SMS messages or calls from unknown numbers, avoid clicking suspicious links, and think twice before providing sensitive and private information to anyone.<\/p>\n","protected":false},"excerpt":{"rendered":"

The McAfee Mobile Research team recently found an active smishing campaign, using SMS messages, that targets online banking users in…<\/p>\n","protected":false},"author":462,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[442],"tags":[76,214,4185],"coauthors":[1104],"class_list":["post-76583","post","type-post","status-publish","format-standard","hentry","category-mcafee-labs","tag-cybercrime","tag-mobile-security1","tag-phishing"],"acf":[],"yoast_head":"\nSmishing Campaign Steals Banking Credentials in U.S. | McAfee Blog<\/title>\n<meta name=\"description\" content=\"The McAfee Mobile Research team recently found an active smishing campaign, using SMS messages, that targets online banking users in the United States.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Smishing Campaign Steals Banking Credentials in U.S. | McAfee Blog\" \/>\n<meta property=\"og:description\" content=\"The McAfee Mobile Research team recently found an active smishing campaign, using SMS messages, that targets online banking users in the United States.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/smishing-campaign-steals-banking-credentials-u-s\/\" \/>\n<meta property=\"og:site_name\" content=\"McAfee Blog\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/McAfee\/\" \/>\n<meta property=\"article:published_time\" content=\"2017-08-14T23:28:18+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2025-06-05T14:45:01+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2017\/08\/20170804-Smish-Smishing_SMS_message.png\" \/>\n\t<meta property=\"og:image:width\" content=\"750\" \/>\n\t<meta property=\"og:image:height\" content=\"558\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"Carlos Castillo\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@carlosacastillo\" \/>\n<meta name=\"twitter:site\" content=\"@McAfee\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Carlos Castillo\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/smishing-campaign-steals-banking-credentials-u-s\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/smishing-campaign-steals-banking-credentials-u-s\/\"},\"author\":{\"name\":\"Carlos Castillo\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#\/schema\/person\/894ee4a790607d505a13c24955d2edbe\"},\"headline\":\"Smishing Campaign Steals Banking Credentials in U.S.\",\"datePublished\":\"2017-08-14T23:28:18+00:00\",\"dateModified\":\"2025-06-05T14:45:01+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/smishing-campaign-steals-banking-credentials-u-s\/\"},\"wordCount\":513,\"publisher\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/smishing-campaign-steals-banking-credentials-u-s\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/2017\/08\/20170804-Smish-Smishing_SMS_message-300x223.png\",\"keywords\":[\"cybercrime\",\"mobile security\",\"Phishing\"],\"articleSection\":[\"McAfee Labs\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/smishing-campaign-steals-banking-credentials-u-s\/\",\"url\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/smishing-campaign-steals-banking-credentials-u-s\/\",\"name\":\"Smishing Campaign Steals Banking Credentials in U.S. | McAfee Blog\",\"isPartOf\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/smishing-campaign-steals-banking-credentials-u-s\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/smishing-campaign-steals-banking-credentials-u-s\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/2017\/08\/20170804-Smish-Smishing_SMS_message-300x223.png\",\"datePublished\":\"2017-08-14T23:28:18+00:00\",\"dateModified\":\"2025-06-05T14:45:01+00:00\",\"description\":\"The McAfee Mobile Research team recently found an active smishing campaign, using SMS messages, that targets online banking users in the United States.\",\"breadcrumb\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/smishing-campaign-steals-banking-credentials-u-s\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/smishing-campaign-steals-banking-credentials-u-s\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/smishing-campaign-steals-banking-credentials-u-s\/#primaryimage\",\"url\":\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/2017\/08\/20170804-Smish-Smishing_SMS_message-300x223.png\",\"contentUrl\":\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/2017\/08\/20170804-Smish-Smishing_SMS_message-300x223.png\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/smishing-campaign-steals-banking-credentials-u-s\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Blog\",\"item\":\"https:\/\/www.mcafee.com\/blogs\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Other Blogs\",\"item\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"McAfee Labs\",\"item\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/\"},{\"@type\":\"ListItem\",\"position\":4,\"name\":\"Smishing Campaign Steals Banking Credentials in U.S.\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#website\",\"url\":\"https:\/\/www.mcafee.com\/blogs\/\",\"name\":\"McAfee Blog\",\"description\":\"Internet Security News\",\"publisher\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.mcafee.com\/blogs\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#organization\",\"name\":\"McAfee\",\"url\":\"https:\/\/www.mcafee.com\/blogs\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2023\/02\/mcafee-logo.png\",\"contentUrl\":\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2023\/02\/mcafee-logo.png\",\"width\":1286,\"height\":336,\"caption\":\"McAfee\"},\"image\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/McAfee\/\",\"https:\/\/x.com\/McAfee\",\"https:\/\/www.linkedin.com\/company\/mcafee\/\",\"https:\/\/www.youtube.com\/McAfee\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#\/schema\/person\/894ee4a790607d505a13c24955d2edbe\",\"name\":\"Carlos Castillo\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#\/schema\/person\/image\/729f5b9d2761341175762c5f10652607\",\"url\":\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/Carlos-Castillo-96x96.jpg\",\"contentUrl\":\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/Carlos-Castillo-96x96.jpg\",\"caption\":\"Carlos Castillo\"},\"description\":\"Carlos Castillo specializes in the analysis of mobile threats and Android malware. Castillo performs static and dynamic analysis of suspicious applications to support McAfee\u2019s Mobile Security for Android product. He is the author of the McAfee-published white paper, \\\"Android Malware Past, Present, and Future,\u201d and wrote the \u201cHacking Android\\\" section of the book, \\\"Hacking Exposed 7: Network Security Secrets & Solutions.\u201d As a recognized mobile malware researcher, Castillo has presented at several security industry events, including 8.8 Computer Security Conference and Segurinfo, a leading information security conference in South America. Prior to his position at McAfee, Castillo performed security compliance audits for the Superintendencia Financiera of Colombia, and worked at security startup Easy Solutions Inc., where he conducted penetration tests on web applications, helped shut down phishing and malicious websites, supported security and network appliances, performed functional software testing, and assisted in research and development related to anti-electronic fraud. Castillo joined the world of malware research when he won ESET Latin America\u2019s Best Antivirus Research contest with a paper titled, \u201cSexy View: The Beginning of Mobile Botnets.\u201d Castillo holds a degree in systems engineering from the Universidad Javeriana in Bogot\u00e1, Colombia.\",\"sameAs\":[\"https:\/\/www.linkedin.com\/in\/carlosacastillo\/\",\"https:\/\/x.com\/carlosacastillo\"],\"url\":\"https:\/\/www.mcafee.com\/blogs\/author\/carlos-castillo\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Smishing Campaign Steals Banking Credentials in U.S. | McAfee Blog","description":"The McAfee Mobile Research team recently found an active smishing campaign, using SMS messages, that targets online banking users in the United States.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"og_locale":"en_US","og_type":"article","og_title":"Smishing Campaign Steals Banking Credentials in U.S. | McAfee Blog","og_description":"The McAfee Mobile Research team recently found an active smishing campaign, using SMS messages, that targets online banking users in the United States.","og_url":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/smishing-campaign-steals-banking-credentials-u-s\/","og_site_name":"McAfee Blog","article_publisher":"https:\/\/www.facebook.com\/McAfee\/","article_published_time":"2017-08-14T23:28:18+00:00","article_modified_time":"2025-06-05T14:45:01+00:00","og_image":[{"width":750,"height":558,"url":"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2017\/08\/20170804-Smish-Smishing_SMS_message.png","type":"image\/png"}],"author":"Carlos Castillo","twitter_card":"summary_large_image","twitter_creator":"@carlosacastillo","twitter_site":"@McAfee","twitter_misc":{"Written by":"Carlos Castillo","Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/smishing-campaign-steals-banking-credentials-u-s\/#article","isPartOf":{"@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/smishing-campaign-steals-banking-credentials-u-s\/"},"author":{"name":"Carlos Castillo","@id":"https:\/\/www.mcafee.com\/blogs\/#\/schema\/person\/894ee4a790607d505a13c24955d2edbe"},"headline":"Smishing Campaign Steals Banking Credentials in U.S.","datePublished":"2017-08-14T23:28:18+00:00","dateModified":"2025-06-05T14:45:01+00:00","mainEntityOfPage":{"@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/smishing-campaign-steals-banking-credentials-u-s\/"},"wordCount":513,"publisher":{"@id":"https:\/\/www.mcafee.com\/blogs\/#organization"},"image":{"@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/smishing-campaign-steals-banking-credentials-u-s\/#primaryimage"},"thumbnailUrl":"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/2017\/08\/20170804-Smish-Smishing_SMS_message-300x223.png","keywords":["cybercrime","mobile security","Phishing"],"articleSection":["McAfee Labs"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/smishing-campaign-steals-banking-credentials-u-s\/","url":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/smishing-campaign-steals-banking-credentials-u-s\/","name":"Smishing Campaign Steals Banking Credentials in U.S. | McAfee Blog","isPartOf":{"@id":"https:\/\/www.mcafee.com\/blogs\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/smishing-campaign-steals-banking-credentials-u-s\/#primaryimage"},"image":{"@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/smishing-campaign-steals-banking-credentials-u-s\/#primaryimage"},"thumbnailUrl":"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/2017\/08\/20170804-Smish-Smishing_SMS_message-300x223.png","datePublished":"2017-08-14T23:28:18+00:00","dateModified":"2025-06-05T14:45:01+00:00","description":"The McAfee Mobile Research team recently found an active smishing campaign, using SMS messages, that targets online banking users in the United States.","breadcrumb":{"@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/smishing-campaign-steals-banking-credentials-u-s\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/smishing-campaign-steals-banking-credentials-u-s\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/smishing-campaign-steals-banking-credentials-u-s\/#primaryimage","url":"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/2017\/08\/20170804-Smish-Smishing_SMS_message-300x223.png","contentUrl":"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/2017\/08\/20170804-Smish-Smishing_SMS_message-300x223.png"},{"@type":"BreadcrumbList","@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/smishing-campaign-steals-banking-credentials-u-s\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Blog","item":"https:\/\/www.mcafee.com\/blogs\/"},{"@type":"ListItem","position":2,"name":"Other Blogs","item":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/"},{"@type":"ListItem","position":3,"name":"McAfee Labs","item":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/"},{"@type":"ListItem","position":4,"name":"Smishing Campaign Steals Banking Credentials in U.S."}]},{"@type":"WebSite","@id":"https:\/\/www.mcafee.com\/blogs\/#website","url":"https:\/\/www.mcafee.com\/blogs\/","name":"McAfee Blog","description":"Internet Security News","publisher":{"@id":"https:\/\/www.mcafee.com\/blogs\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.mcafee.com\/blogs\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.mcafee.com\/blogs\/#organization","name":"McAfee","url":"https:\/\/www.mcafee.com\/blogs\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.mcafee.com\/blogs\/#\/schema\/logo\/image\/","url":"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2023\/02\/mcafee-logo.png","contentUrl":"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2023\/02\/mcafee-logo.png","width":1286,"height":336,"caption":"McAfee"},"image":{"@id":"https:\/\/www.mcafee.com\/blogs\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/McAfee\/","https:\/\/x.com\/McAfee","https:\/\/www.linkedin.com\/company\/mcafee\/","https:\/\/www.youtube.com\/McAfee"]},{"@type":"Person","@id":"https:\/\/www.mcafee.com\/blogs\/#\/schema\/person\/894ee4a790607d505a13c24955d2edbe","name":"Carlos Castillo","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.mcafee.com\/blogs\/#\/schema\/person\/image\/729f5b9d2761341175762c5f10652607","url":"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/Carlos-Castillo-96x96.jpg","contentUrl":"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/Carlos-Castillo-96x96.jpg","caption":"Carlos Castillo"},"description":"Carlos Castillo specializes in the analysis of mobile threats and Android malware. Castillo performs static and dynamic analysis of suspicious applications to support McAfee\u2019s Mobile Security for Android product. He is the author of the McAfee-published white paper, \"Android Malware Past, Present, and Future,\u201d and wrote the \u201cHacking Android\" section of the book, \"Hacking Exposed 7: Network Security Secrets & Solutions.\u201d As a recognized mobile malware researcher, Castillo has presented at several security industry events, including 8.8 Computer Security Conference and Segurinfo, a leading information security conference in South America. Prior to his position at McAfee, Castillo performed security compliance audits for the Superintendencia Financiera of Colombia, and worked at security startup Easy Solutions Inc., where he conducted penetration tests on web applications, helped shut down phishing and malicious websites, supported security and network appliances, performed functional software testing, and assisted in research and development related to anti-electronic fraud. Castillo joined the world of malware research when he won ESET Latin America\u2019s Best Antivirus Research contest with a paper titled, \u201cSexy View: The Beginning of Mobile Botnets.\u201d Castillo holds a degree in systems engineering from the Universidad Javeriana in Bogot\u00e1, Colombia.","sameAs":["https:\/\/www.linkedin.com\/in\/carlosacastillo\/","https:\/\/x.com\/carlosacastillo"],"url":"https:\/\/www.mcafee.com\/blogs\/author\/carlos-castillo\/"}]}},"_links":{"self":[{"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/posts\/76583","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/users\/462"}],"replies":[{"embeddable":true,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/comments?post=76583"}],"version-history":[{"count":2,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/posts\/76583\/revisions"}],"predecessor-version":[{"id":215142,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/posts\/76583\/revisions\/215142"}],"wp:attachment":[{"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/media?parent=76583"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/categories?post=76583"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/tags?post=76583"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/coauthors?post=76583"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}