November 10, 2019 by Cybersixgill

Mobile Banking Malware 101

As smartphone penetration continues to rise, people rely on their mobile devices for near-constant access to information. The importance of connectivity has made such devices an essential part of one’s personal and work life, allowing users to complete various tasks while on the move. Coupled with the smaller screens on phones, and a user interface that provides a simple (and limited) way to interact with a device’s applications, smartphone users are becoming increasingly vulnerable to social engineering tactics.

Users are more likely to open potentially malicious emails, click a link sent by SMS, or download a rogue application on their phone, where they are often distracted, than on a desktop or laptop. In this context, mobile-based banking malware has increasingly become a threat. Broadly speaking, there are two main types of mobile banking malware: fake banking apps and mobile banking trojans.

Fake banking applications

Fake banking apps are rogue applications that appear legitimate and are unknowingly downloaded through official app stores such as the Google Play Store or through unofficial third-party app stores. They mimic a real banking application to obtain login credentials, which can then be used to extract funds. In order to foster downloads, rogue apps can also imitate other useful applications, such as productivity, shopping, financial, and stock-related apps.

Mobile banking trojans

Mobile banking trojans compromise a device, oftentimes through social engineering techniques that trick users, much like the majority of malware. They often arrive as social media attachments or reside on a malicious website, which then prompts the user to install an application that appears completely legitimate. The most common method a mobile banking trojan uses to steal credentials is an overlay template, which is applied on top of a legitimate banking app’s login screen. The user then unknowingly provides their credentials to the threat actor.

Not just for banking

While both fake banking apps and mobile banking trojans target your credentials through keylogging and screenshotting, they oftentimes have capabilities beyond this scope. This includes, but isn’t limited to, various ways to spy on you: recording your audio and stealing photos, text messages, videos, contact lists, calendar events, and browser histories. Some have enhanced SMS capabilities, with the ability to hide, send, or intercept texts. Additionally, they can create backdoors to deploy additional malware, encrypt the files on your phone, and track your location, among other things. Fake banking apps and mobile banking trojans can do far more than go after your credentials.

What should you do?

Threat actors on the dark web are constantly improving their capabilities and responding to new security features meant to deny them their source of income. While this cat-and-mouse game will continue, there are ways to mitigate the risks from the continuously evolving world of mobile banking malware. Since people are frequently distracted when operating mobile phones, they are more susceptible to becoming victims of social engineering tactics. When downloading mobile applications, a user is recommended to go to the developer’s website and follow the link from there. Be wary of requests to change permissions on your mobile phone. In the same way that users are cautious about opening emails and clicking links on their computers, the same rules should apply to emails and SMS on their phones.

That said, you want to do everything in your power to be protected and to safeguard your brand if it has been imitated. Cybersixgill now offers Rogue Application monitoring. If your company name or alias is detected in an app store, whether in the application’s name, description, or developer’s name, you will be alerted about it. Moreover, Cybersixgill’s platform allows you to investigate deep and dark web chatter related to malware that could impact you.
