Beware Trojan Mobile Banking Apps

Uploaded on 2020-06-23 in TECHNOLOGY--Hackers, GOVERNMENT-Law Enforcement, FREE TO VIEW

Mobile banking applications usage has increased, partly as a result of the virus and lockdown and now the US Federal Bureau of Investigation (FBI) has warned that there is a rise in realted criminal acitivty. Usage of mobile banking applications has significantly increased, and this has recently risen by 50% since the beginning of 2020, an alert from the FBI’s Internet Crime Complaint Center (IC3) reveals.

The FBI advises users to excercise extreme caution when downloading banking Apps  to mobile devices, as they could hide 'malicious intent'.  

Cyber criminals target banking information using banking Trojans, are malicious programs that disguise themselves as other apps, including games 

Banking Trojans, are usually disguised as other apps and remain dormant on devices until the user launches a legitimate banking application. The Trojan may overlay a false version of the bank’s login page and trick the user into revealing their login credentials, which are then sent to human operators that leverage them to compromise accounts.

In some cases, cyber-criminals create fake apps that impersonate legitimate financial software, also in an attempt to deceive users into entering their credentials. 

Such apps usually display an error message after the attempted login and can steal security codes received by users by leveraging smartphone permission requests. According to the FBI,  nearly 65,000 fake apps have been detected on major app stores, making this one of the fastest growing sectors of smartphone-based fraud

To stay protected, users should download applications from trusted sources only, such as official app stores and bank websites.

Using two- or multi-factor authentication represents another means of staying protected from exploitation, as it is highly effective in securing accounts against compromise, the FBI notes. Modern MFA solutions (biometrics, hardware tokens, or authentication apps) are more secure compared to email or SMS-based methods.

The FBI also recommends the use of multiple types of authentication for accounts when possible, keeping an eye on where personally identifiable information (PII) is stored and only sharing the most necessary information with financial institutions, and avoiding clicking on links in emails or text messages, or sharing two-factor codes over phone.

The FBI recommends creating strong, unique passwords to mitigate these attacks. The US National Institute of Standards and Technology's (NIST) most recent guidance encourages users to make passwords or passphrases that are 15 characters or longer..

Users who encounter an app that looks suspicious are encouraged to contact the financial institution to report it. If a phone call claiming to be from the bank seems suspicious, users should hang up and call the bank at the customer service number on their website.

FBI:         Security Week:         The Hill:       

You Might Also Read: 

Malware – The Hateful Eight:

 

« Using AI In Cyber Security
Australia Assaulted By Severe State-Backed Cyber Attacks »

ManageEngine
CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Performanta

Performanta

Performanta offer a consultative approach to people, process and technology, focusing on security projects in line with adversarial, accidental and environmental business risk.

SiteGuarding

SiteGuarding

SiteGuarding provide website security tools and services to protect your website against malware and hacker exploits.

Cyber Fusion Center - Maryville University

Cyber Fusion Center - Maryville University

Maryville University Cyber Fusion Center is a virtual lab for working on real-world cyber security challenges.

Cisco Talos

Cisco Talos

Talos is an industry-leading threat intelligence solution that protects your organization’s people, data and infrastructure from active adversaries.

SAS Institute

SAS Institute

SAS is a leader in business analytics software and services providing solutions for a wide range of critical business areas including risk management, compliance and fraud prevention.

ALTR

ALTR

ALTR provide software-embedded solutions for data security and privacy.

Socure

Socure

Socure’s identity verification increases auto approval rates, reduces false positives and captures more fraud. In real time.

Falcongaze

Falcongaze

Falcongaze SecureTower is a comprehensive DLP solution for the protection of business against internal threats.

Dasera

Dasera

Dasera’s Radar and Interceptor products deliver visibility, governance, and protection solutions for data-agile companies.

Interos

Interos

Interos is the operational resilience company — reinventing how companies manage their supply chains and business relationships — through a breakthrough AI SaaS platform.

ISECURION Technology & Consulting

ISECURION Technology & Consulting

ISECURION is an information security consulting company. We provide a unique blend of services to our customers catering to the current information security landscape.

Stacklok

Stacklok

Stacklok are an Open Source first security company enabling safe Open Source Software consumption.

CloudDefense.AI

CloudDefense.AI

CloudDefense.AI is an industry-leading multi-layered Cloud Native Application and Protection Platform (CNAPP) that safeguards your cloud infrastructure and cloud-native apps,

Skillfield

Skillfield

Skillfield is a Melbourne based Cyber Security and Data Services consultancy and professional services company.

Orchid Security

Orchid Security

Orchid Security provides unprecedented insight and action to your identity security with the help of advanced technologies like Large Language Models (LLM).

Synqly

Synqly

Synqly are on a mission to enable quick, secure, and sustainable integrations between any cybersecurity and infrastructure technologies.