19 Minute Viral Video: The newest danger in the area of cybercrime is not an obscure file or a secured email attachment, but rather a fraudulent link that claims to provide access to an extremely popular “19-minute video“. This trick is known as social engineering which preys on human’s natural curiosity and the fear of being left out of the most interesting content. When one clicks on the link most of the time it is through social media or private messaging apps like WhatsApp and Telegram it does not take them to the video.
Instead, it starts a series of attacks that will ultimately install a very clever trojan horse for banking purposes on the user’s device, thus the main target is the mobile users. The real intention is not to let you watch a video but to secretly obtain those permissions that are needed for observing the activity in your banking app, intercepting the critical security codes, and draining your bank account in the end.
19-Minute Video Digital Phishing and Social Engineering
Cybercriminals have become quite proficient in the electronic phishing technique, they are using attractive clickbait at the same time to sneak a malicious link through a user’s vigilance.
The promise of a controversial, “leaked” 19-minute video is the perfect psychological trigger, thus, urging a click without thinking. The link usually goes through a chain of fake landing pages, showing a lot of ads that are exaggeratedly sensationalized and user-deceptive buttons that require user interaction to proceed. This activity, called social engineering, is the fundamental first step.
The very instant of interaction by a user maybe giving permission or clicking on what seems to be a video player he or she is getting the malicious load that might be an Android banking trojan or infostealer, delivered to the device, completely unaware of the delivery because the victim is still expecting the video to play.
The Banking Trojan’s Stealthy Bank Heist
After gaining access, this sort of banking trojan is operating in silence, and doing so with the highest possible authority. In the majority of cases, it asks for the Accessibility Services of the device to be granted under the guise of doing something harmless, which virtually gives it control of the device. The malware then lies in wait for the user to launch a legitimate banking app.
On the occurrence of this event, the bug presents a counterfeit login screen that is so perfectly aligned with the real app that it can’t be distinguished from it. All passwords, card numbers, or PINs that are typed on this counterfeit screen are immediately taken and sent to the attacker’s server.
One of the most important things to know is that the malware also has the ability to intercept SMS messages, which means that it can effectively steal One-Time Passwords (OTPs) or two-factor authentication codes, thus removing the bank’s security barriers and allowing the attackers to carry out unauthorized transactions, draining the victim’s account in the process. The only true defense against this ever-changing financial threat is to always be vigilant about unsolicited links.
Also Read: 19-Minute Instagram ‘Leaked MMS’ Still Trending: Here’s How Things Unfolded – Timeline
A recent media graduate, Bhumi Vashisht is currently making a significant contribution as a committed content writer. She brings new ideas to the media sector and is an expert at creating strategic content and captivating tales, having working in the field from past four months.
