CyberWisdom Safe Harbor Commentary on Mobile Bankers App:
Michael Flossman, director of threat intelligence at Lookout, a mobile security service, said: “When it’s installed on the device, it will show the overlay screen, which is a valid screen that prompts you to log in to your bank account.” The software knows to wait This screen appears until you try to legally contact your bank. ”
Lookout analyzed 30,000 mobile devices installed with one or more major banking applications. Flossman said the mobile threat history of these devices over a one-year study shows that 10% of mobile banking customers are at risk or at risk.
Another mobile security company, Avast, said that about 6% of its protected Android phones are threatened by malware. Only 2.6% of the robots are robots designed to steal customer bank accounts. However, such malware is rapidly growing and the threat detected in 2017 is up 50% over the previous year.
Avast said its research confirms the authenticity of the fake bank login screen. According to the Avast survey released on Tuesday, about 36% of respondents worldwide were fooled into mistakenly identifying a fake interface as the real interface of their bank.
Avast said at a press conference: “The findings highlight the degree to which cybercriminals apply complexity and accuracy to create credible copies to monitor users, collect information about their bank logins and steal their money.”
Mobile Banking Apps
Malware designed to take over consumer bank accounts is not new. The Financial Services Information Sharing and Analysis Center began testing this type of targeted malware nearly 10 years ago. Since then, banks have developed various security protocols that require multiple types of authentication before remote users can obtain funds in consumer accounts.
Gregg Temm, chief information risk officer at FSISAC, said: “This malware could trick customers into providing their login.” But banks are using multi-factor identification. They are looking at the IP location, the time of day, the number of times users typically log in, and a host of other factors. ”
He said that these precautionary measures may not be foolproof, but they can prevent the vast majority of thieves from invading the bank firewall.
However, security attacks are still present and are becoming more complex.
In fact, in addition to making legitimate bank logons screens, these viruses are usually spread through phishing emails, which is becoming more credible, Flossman said. For example, a consumer may receive a text message, ostensibly sent through the delivery service, saying “Your package has been delivered and click here for more information.” If you do this, your phone’s Operating system is open to crook malware.
“Once the software has compromised a device, it sends a message to all its contacts from that device that they need to install the application,” Flossman said. “You may not know clicking on a link from an unknown sender, but you may not be careful when the text comes from someone you know.”
In addition, some of these bank robots have been hidden in seemingly innocuous programs sold in legitimate application stores.
For example, Avast said a variation of BankBot Trojan is hidden in the trusted flashlight and solitaire applications sold on Google Play in November.
“We see a steady increase in the number of malicious applications on Android devices that bypass the security checks at popular application stores and get into the user’s handset,” said Gagan Singh, senior vice president and general manager of mobile. Avast’s. “Often they makeup games and lifestyle apps and use social engineering to trick users into downloading them.”
According to FSISAC’s Temm, good “cyber health” is necessary for anyone who protects online banking. especially:
Download free anti-virus software for your phone and it should block most malicious programs.
Make sure to keep your operating system updated. When an operating system vulnerability is found, the software company sends the update via a patch. The lack of one or more of these patches may put your phone under attack.
Please carefully download the new application. Do not download from unofficial websites and be cautious in major app stores, reviewing consumer reviews and using good common sense. For example, if you run a business with Wells Fargo and see only five consumers rate their bank applications, you should be suspicious.
If you bank by phone, you better be careful. Malicious mobile-banking software aimed at taking over consumer bank accounts has threatened up to 10 percent of consumer cell phones, security experts warn. Worse, the software is so sophisticated that it can easily trick even savvy consumers into divulging their banking credentials to the crooks. “When it is installed on a device, it will display overlays that are legitimate-looking screens that prompt you to log into your bank account,” said Michael Flossman, head of threat intelligence at Lookout, a mobile security service. “And the software knows to wait to serve that screen until you are trying to legitimately contact your bank.” Lookout analyzed 30,000 mobile devices with one or more major banking apps installed. Engaging post, Read More…
thumbnail courtesy of cbsnews.com.
If you like to receive more of these curated safe harbor news alerts then subscribe to my mailing list. and come back soon at https://www.safeharboroncyber.com/Blog/ to read further CyberWisdom Safe Harbor Commentaries. Home » Curated SafeHarboronCyber’s CyberWisdom Post »