MOBILE BANKING MALWARE 101

By Edan Cohen – November 10, 2019

As smartphone penetration continues to rise, people rely on their mobile
devices for near-constant access to information. The importance of
connectivity has made such devices an essential part of personal and work
life, allowing users to complete various tasks while on the move. Combined
with phones’ smaller screens and a user interface that offers only a simple
(and limited) way to interact with a device’s applications, this makes
smartphone users increasingly vulnerable to social engineering tactics.


Users are more likely to open potentially malicious emails, click a link sent
by SMS, or download a rogue application on their phone, where they are
often distracted, than on a desktop or laptop. In this context, mobile-based
banking malware has increasingly become a threat. Broadly speaking, there
are two main types of mobile banking malware: fake banking apps and
mobile banking trojans.


Fake Banking Applications

Fake banking apps are rogue applications that appear legitimate and are
unknowingly downloaded from official app stores such as the Google Play
Store or from unofficial third-party app stores. They mimic a real banking
application to obtain login credentials, which can then be used to extract
funds. To encourage downloads, rogue apps can also imitate other useful
applications, such as productivity, shopping, financial, and stock-related
apps.


Mobile Banking Trojans

Mobile banking trojans compromise a device, much like the majority of
malware, often through social engineering techniques that trick the user.
They frequently arrive as a social media attachment or reside on a
malicious website, which then prompts the user to install an application
that appears completely legitimate. The most common method a mobile
banking trojan uses to steal credentials is an overlay template, which is
placed on top of a legitimate banking app’s login screen. The user then
unknowingly provides their credentials to the threat actor.

Not Just For Banking

While both fake banking apps and mobile banking trojans target your
credentials through keylogging and screenshotting, their capabilities often
extend beyond this scope. These include, but are not limited to, various
ways to spy on you: recording your audio and stealing photos, text
messages, videos, contact lists, calendar events, and browser histories.
Some have enhanced SMS capabilities, with the ability to hide, send, or
intercept texts. Additionally, they can create backdoors to deploy
additional malware, encrypt the files on your phone, and track your
location, among other things. Fake banking apps and mobile banking trojans
can do far more than go after your credentials.


What should YOU do?

Threat actors on the dark web are constantly improving their capabilities
and respond to new security features meant to deny them their source of
income. While this cat-and-mouse game will continue, there are ways to
mitigate the risks from the continuously evolving world of mobile banking
malware. Since people are frequently distracted when operating mobile
phones, they are more susceptible to falling victim to social engineering
tactics. When downloading a mobile application, go to the developer’s
website and follow the download link from there. Be wary of requests to
change permissions on your mobile phone. In the same way that users are
cautious about opening emails and clicking links on their computers, the
same rules should apply to emails and SMS on a phone.

That said, you want to do everything in your power to be protected and to
safeguard your brand if it has been imitated. Sixgill now offers Rogue
Application monitoring: if your company name or alias is detected in an
app store, whether in an application’s name, description, or developer’s
name, you will be alerted. Moreover, Sixgill’s platform allows you to
investigate deep and dark web chatter related to malware that could
impact you.
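The check the paragraph above describes, matching a brand name or alias against an app listing's name, description, and developer name, can be sketched in a few lines. The following is an added example written for this page, not Sixgill's code or a description of its product. It assumes a constructed feed of store listings (a dataclass with four fields), a list of brand aliases, and an allowlist of the bank's own developer accounts so the legitimate app is not reported; all three are invented for the example.

```python
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Listing:
    """One app-store listing as a monitoring feed might deliver it (constructed shape)."""
    app_name: str
    developer: str
    description: str
    store: str


def normalize(text: str) -> str:
    """Lower-case and strip punctuation so 'Acme-Bank  Inc.' and 'acme bank inc' compare equal."""
    return re.sub(r"[^a-z0-9]+", " ", text.lower()).strip()


def _mentions(alias: str, text: str) -> bool:
    # Whole-word match on the normalized strings, so 'acme' does not fire on 'pacmen'.
    return re.search(rf"\b{re.escape(alias)}\b", text) is not None


def flag_listings(listings, brand_aliases, trusted_developers):
    """Return [(app_name, [matched fields...]), ...] for listings that mention the brand
    in the app name, developer name or description but were not published by a
    developer account the bank controls (the trusted list is an assumed input)."""
    aliases = [normalize(a) for a in brand_aliases]
    trusted = {normalize(d) for d in trusted_developers}
    hits = []
    for listing in listings:
        if normalize(listing.developer) in trusted:
            continue  # the bank's own listing: not a rogue app
        fields = {
            "name": normalize(listing.app_name),
            "developer": normalize(listing.developer),
            "description": normalize(listing.description),
        }
        matched = sorted(
            field for field, text in fields.items()
            if any(_mentions(alias, text) for alias in aliases)
        )
        if matched:
            hits.append((listing.app_name, matched))
    return hits


# Constructed sample feed: one legitimate listing, two impersonations, one unrelated app.
BRAND_ALIASES = ["Acme Bank", "Acme"]
TRUSTED_DEVELOPERS = ["Acme Bank Inc."]
SAMPLE_LISTINGS = [
    Listing("Acme Bank Mobile", "Acme Bank Inc.", "Official app of Acme Bank.", "Google Play"),
    Listing("Acme Bank Secure Login", "MobileTools Ltd", "Fast access to your Acme account.", "Google Play"),
    Listing("Stock Tracker Pro", "Acme Banking Apps", "Track your stocks in real time.", "third-party store"),
    Listing("Todo List", "SomeDev", "Organise your tasks.", "Google Play"),
]

if __name__ == "__main__":
    for name, fields in flag_listings(SAMPLE_LISTINGS, BRAND_ALIASES, TRUSTED_DEVELOPERS):
        print(f"ALERT: '{name}' mentions the brand in: {', '.join(fields)}")
```

Two design points carry over to a real feed. Matching is done on normalized, whole-word text so that punctuation and casing variations in a listing do not evade the check while unrelated words that merely contain the alias do not trigger it, and the developer allowlist is what separates the bank's own app from a lookalike, so it has to be maintained as carefully as the alias list. Note that a listing imitating a non-banking app (the stock tracker above) is still caught through its developer name, which matches the page's point that rogue apps need not look like a bank at all.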
