Beware Trojan Mobile Banking Apps

Mobile banking application usage has increased, partly as a result of the virus and lockdown, and now the US Federal Bureau of Investigation (FBI) has warned that there is a rise in related criminal activity. Usage of mobile banking applications has risen by 50% since the beginning of 2020, an alert from the FBI’s Internet Crime Complaint Center (IC3) reveals.

The FBI advises users to exercise extreme caution when downloading banking apps to mobile devices, as they could hide 'malicious intent'.

Cyber criminals target banking information using banking Trojans, which are malicious programs that disguise themselves as other apps, including games.

Banking Trojans are usually disguised as other apps and remain dormant on devices until the user launches a legitimate banking application. The Trojan may overlay a false version of the bank’s login page and trick the user into revealing their login credentials, which are then sent to human operators who use them to compromise accounts.

In some cases, cyber-criminals create fake apps that impersonate legitimate financial software, also in an attempt to deceive users into entering their credentials. 

Such apps usually display an error message after the attempted login and can steal security codes received by users by leveraging smartphone permission requests. According to the FBI, nearly 65,000 fake apps have been detected on major app stores, making this one of the fastest growing sectors of smartphone-based fraud.
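A defender's triage sketch for the behaviours described above, added here as an example and not taken from the FBI alert or the original article: it flags an app whose decoded AndroidManifest.xml pairs screen-overlay capability with SMS access. The sample manifest, package name and risk labels are constructed for illustration; the permission names are standard Android permissions.

```python
import xml.etree.ElementTree as ET  # for untrusted files, prefer a hardened parser such as defusedxml

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Permissions that map to the behaviours described in the article.
OVERLAY = {"android.permission.SYSTEM_ALERT_WINDOW"}
SMS = {"android.permission.RECEIVE_SMS", "android.permission.READ_SMS"}
ACCESSIBILITY = "android.permission.BIND_ACCESSIBILITY_SERVICE"

# Constructed sample: decoded manifest of a hypothetical "puzzle game".
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.puzzlegame">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.SYSTEM_ALERT_WINDOW"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <application>
    <service android:name=".HelperService"
             android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE"/>
  </application>
</manifest>"""


def triage_manifest(manifest_xml):
    """Return (package, flags) for a decoded AndroidManifest.xml string."""
    root = ET.fromstring(manifest_xml)
    requested = {el.get(ANDROID_NS + "name") for el in root.iter("uses-permission")}
    flags = set()
    if requested & OVERLAY:
        flags.add("overlay")        # can draw over other apps, e.g. a login page
    if requested & SMS:
        flags.add("sms")            # can read incoming one-time security codes
    # An accessibility service can observe which app is in the foreground.
    if any(s.get(ANDROID_NS + "permission") == ACCESSIBILITY for s in root.iter("service")):
        flags.add("accessibility")
    return root.get("package"), flags


def risk_level(flags):
    """SMS access combined with overlay or accessibility matches the theft pattern."""
    if "sms" in flags and flags & {"overlay", "accessibility"}:
        return "high"
    return "review" if flags else "low"


if __name__ == "__main__":
    package, flags = triage_manifest(SAMPLE_MANIFEST)
    print(package, risk_level(flags), sorted(flags))
```

A "high" result is a prompt for manual review, not proof of malice: some legitimate apps request these permissions, but a game or utility rarely needs both.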

To stay protected, users should download applications from trusted sources only, such as official app stores and bank websites.

Using two- or multi-factor authentication represents another means of staying protected from exploitation, as it is highly effective in securing accounts against compromise, the FBI notes. Modern MFA solutions (biometrics, hardware tokens, or authentication apps) are more secure compared to email or SMS-based methods.

The FBI also recommends the use of multiple types of authentication for accounts when possible, keeping an eye on where personally identifiable information (PII) is stored and only sharing the most necessary information with financial institutions, and avoiding clicking on links in emails or text messages, or sharing two-factor codes over the phone.

The FBI recommends creating strong, unique passwords to mitigate these attacks. The US National Institute of Standards and Technology's (NIST) most recent guidance encourages users to make passwords or passphrases that are 15 characters or longer.

Users who encounter an app that looks suspicious are encouraged to contact the financial institution to report it. If a phone call claiming to be from the bank seems suspicious, users should hang up and call the bank at the customer service number on their website.

Sources: FBI; Security Week; The Hill
